ok github.com/google/syzkaller/dashboard/app 1.909s ? github.com/google/syzkaller/dashboard/dashapi [no test files] ok github.com/google/syzkaller/executor 0.799s ok github.com/google/syzkaller/pkg/ast 5.681s ok github.com/google/syzkaller/pkg/bisect 128.510s ok github.com/google/syzkaller/pkg/build 2.719s ok github.com/google/syzkaller/pkg/compiler 26.477s ok github.com/google/syzkaller/pkg/config (cached) ok github.com/google/syzkaller/pkg/cover 0.591s ? github.com/google/syzkaller/pkg/cover/backend [no test files] --- FAIL: TestGenerate (68.36s) --- FAIL: TestGenerate/openbsd/amd64 (0.51s) csource_test.go:68: seed=1609162338237884036 --- FAIL: TestGenerate/openbsd/amd64/8 (4.96s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox: Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); loop(); return 0; } :305:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :303:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor838457124 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/12 (4.87s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:true Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static __thread int skip_segv; static __thread jmp_buf segv_env; static void segv_handler(int sig, siginfo_t* info, void* ctx) { uintptr_t addr = (uintptr_t)info->si_addr; const uintptr_t prog_start = 1 << 20; const uintptr_t prog_end = 100 << 20; int skip = __atomic_load_n(&skip_segv, __ATOMIC_RELAXED) != 0; int valid = addr < prog_start || addr > prog_end; if (skip && valid) { _longjmp(segv_env, 1); } exit(sig); } static void install_segv_handler(void) { struct sigaction sa; memset(&sa, 0, sizeof(sa)); sa.sa_sigaction = segv_handler; sa.sa_flags = SA_NODEFER | SA_SIGINFO; sigaction(SIGSEGV, &sa, NULL); sigaction(SIGBUS, &sa, NULL); } #define NONFAILING(...) ({ int ok = 1; __atomic_fetch_add(&skip_segv, 1, __ATOMIC_SEQ_CST); if (_setjmp(segv_env) == 0) { __VA_ARGS__; } else ok = 0; __atomic_fetch_sub(&skip_segv, 1, __ATOMIC_SEQ_CST); ok; }) static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: NONFAILING(*(uint32_t*)0x20000000 = 0); syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: NONFAILING(*(uint16_t*)0x20000040 = 0x18); NONFAILING(*(uint16_t*)0x20000042 = htobe16(0x4e21)); NONFAILING(*(uint32_t*)0x20000044 = 6); NONFAILING(*(uint32_t*)0x20000048 = 0x7ff); NONFAILING(*(uint16_t*)0x2000004c = 0x18); NONFAILING(*(uint16_t*)0x2000004e = htobe16(0x4e21)); NONFAILING(*(uint32_t*)0x20000050 = 0xf1); NONFAILING(*(uint32_t*)0x20000054 = 0x401); NONFAILING(*(uint16_t*)0x20000058 = 6); NONFAILING(*(uint32_t*)0x2000005c = 4); NONFAILING(*(uint32_t*)0x20000060 = 0x7f); NONFAILING(*(uint32_t*)0x20000064 = 6); NONFAILING(*(uint32_t*)0x20000068 = 0xfffff4a4); NONFAILING(*(uint32_t*)0x2000006c = 0xff); NONFAILING(*(uint32_t*)0x20000070 = 7); NONFAILING(*(uint32_t*)0x20000074 = 0xfffffffa); NONFAILING(*(uint32_t*)0x20000078 = 0x3000); syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: NONFAILING(*(uint32_t*)0x20000080 = 4); NONFAILING(*(uint32_t*)0x20000084 = 0x18); NONFAILING(*(uint32_t*)0x20000088 = 0x3a); NONFAILING(*(uint32_t*)0x2000008c = 0x12); NONFAILING(memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13)); NONFAILING(*(uint64_t*)0x20000100 = 0xd); syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: NONFAILING(*(uint32_t*)0x20000180 = 0x2b3); syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: NONFAILING(*(uint16_t*)0x20000240 = 0); NONFAILING(*(uint8_t*)0x20000242 = 0); NONFAILING(*(uint32_t*)0x20000244 = 0x4e22); syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: NONFAILING(memcpy((void*)0x20000280, "./file0\000", 8)); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: NONFAILING(*(uint8_t*)0x20000000 = 0xaa); NONFAILING(*(uint8_t*)0x20000001 = 0xaa); NONFAILING(*(uint8_t*)0x20000002 = 0xaa); NONFAILING(*(uint8_t*)0x20000003 = 0xaa); NONFAILING(*(uint8_t*)0x20000004 = 0xaa); NONFAILING(*(uint8_t*)0x20000005 = 0xaa); NONFAILING(*(uint8_t*)0x20000006 = 0xaa); NONFAILING(*(uint8_t*)0x20000007 = 0xaa); NONFAILING(*(uint8_t*)0x20000008 = 0xaa); NONFAILING(*(uint8_t*)0x20000009 = 0xaa); NONFAILING(*(uint8_t*)0x2000000a = 0xaa); NONFAILING(*(uint8_t*)0x2000000b = 0xaa); NONFAILING(*(uint16_t*)0x2000000c = htobe16(0x86dd)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4)); NONFAILING(memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3)); NONFAILING(*(uint16_t*)0x20000012 = htobe16(0x12f8)); NONFAILING(*(uint8_t*)0x20000014 = 4); NONFAILING(*(uint8_t*)0x20000015 = 0xe1); NONFAILING(*(uint8_t*)0x20000016 = 0xfe); NONFAILING(*(uint8_t*)0x20000017 = 0x80); NONFAILING(*(uint8_t*)0x20000018 = 0); NONFAILING(*(uint8_t*)0x20000019 = 0); NONFAILING(*(uint8_t*)0x2000001a = 0); NONFAILING(*(uint8_t*)0x2000001b = 0); NONFAILING(*(uint8_t*)0x2000001c = 0); NONFAILING(*(uint8_t*)0x2000001d = 0); NONFAILING(*(uint8_t*)0x2000001e = 0); NONFAILING(*(uint8_t*)0x2000001f = 0); NONFAILING(*(uint8_t*)0x20000020 = 0); NONFAILING(*(uint8_t*)0x20000021 = 0); NONFAILING(*(uint8_t*)0x20000022 = 0); NONFAILING(*(uint8_t*)0x20000023 = 0); NONFAILING(*(uint8_t*)0x20000024 = 0); NONFAILING(*(uint8_t*)0x20000025 = 0xaa); NONFAILING(*(uint8_t*)0x20000026 = 0xfe); NONFAILING(*(uint8_t*)0x20000027 = 0x80); NONFAILING(*(uint8_t*)0x20000028 = 0); NONFAILING(*(uint8_t*)0x20000029 = 0); NONFAILING(*(uint8_t*)0x2000002a = 0); NONFAILING(*(uint8_t*)0x2000002b = 0); NONFAILING(*(uint8_t*)0x2000002c = 0); NONFAILING(*(uint8_t*)0x2000002d = 0); NONFAILING(*(uint8_t*)0x2000002e = 0); NONFAILING(*(uint8_t*)0x2000002f = 0); NONFAILING(*(uint8_t*)0x20000030 = 0); NONFAILING(*(uint8_t*)0x20000031 = 0); NONFAILING(*(uint8_t*)0x20000032 = 0); NONFAILING(*(uint8_t*)0x20000033 = 0); NONFAILING(*(uint8_t*)0x20000034 = 0); NONFAILING(*(uint8_t*)0x20000035 = 0xbb); NONFAILING(*(uint8_t*)0x20000036 = 0x2f); NONFAILING(*(uint8_t*)0x20000037 = 0); NONFAILING(*(uint8_t*)0x20000038 = 0); NONFAILING(*(uint8_t*)0x20000039 = 0); NONFAILING(*(uint8_t*)0x2000003a = 0); NONFAILING(*(uint8_t*)0x2000003b = 0); NONFAILING(*(uint8_t*)0x2000003c = 0); NONFAILING(*(uint8_t*)0x2000003d = 0); NONFAILING(*(uint8_t*)0x2000003e = 4); NONFAILING(*(uint8_t*)0x2000003f = 1); NONFAILING(*(uint8_t*)0x20000040 = 7); NONFAILING(*(uint8_t*)0x20000041 = 0x81); NONFAILING(*(uint8_t*)0x20000042 = 0); NONFAILING(memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096)); NONFAILING(*(uint8_t*)0x20001046 = 0x67); NONFAILING(*(uint8_t*)0x20001047 = 8); NONFAILING(*(uint8_t*)0x20001048 = 0); NONFAILING(*(uint8_t*)0x20001049 = 9); NONFAILING(*(uint32_t*)0x2000104a = 0); NONFAILING(*(uint8_t*)0x2000104e = -1); NONFAILING(*(uint8_t*)0x2000104f = 2); NONFAILING(*(uint8_t*)0x20001050 = 0); NONFAILING(*(uint8_t*)0x20001051 = 0); NONFAILING(*(uint8_t*)0x20001052 = 0); NONFAILING(*(uint8_t*)0x20001053 = 0); NONFAILING(*(uint8_t*)0x20001054 = 0); NONFAILING(*(uint8_t*)0x20001055 = 0); NONFAILING(*(uint8_t*)0x20001056 = 0); NONFAILING(*(uint8_t*)0x20001057 = 0); NONFAILING(*(uint8_t*)0x20001058 = 0); NONFAILING(*(uint8_t*)0x20001059 = 0); NONFAILING(*(uint8_t*)0x2000105a = 0); NONFAILING(*(uint8_t*)0x2000105b = 0); NONFAILING(*(uint8_t*)0x2000105c = 0); NONFAILING(*(uint8_t*)0x2000105d = 1); NONFAILING(*(uint8_t*)0x2000105e = 0); NONFAILING(*(uint8_t*)0x2000105f = 0); NONFAILING(*(uint8_t*)0x20001060 = 0); NONFAILING(*(uint8_t*)0x20001061 = 0); NONFAILING(*(uint8_t*)0x20001062 = 0); NONFAILING(*(uint8_t*)0x20001063 = 0); NONFAILING(*(uint8_t*)0x20001064 = 0); NONFAILING(*(uint8_t*)0x20001065 = 0); NONFAILING(*(uint8_t*)0x20001066 = 0); NONFAILING(*(uint8_t*)0x20001067 = 0); NONFAILING(*(uint8_t*)0x20001068 = 0); NONFAILING(*(uint8_t*)0x20001069 = 0); NONFAILING(*(uint8_t*)0x2000106a = 0); NONFAILING(*(uint8_t*)0x2000106b = 0); NONFAILING(*(uint8_t*)0x2000106c = 0); NONFAILING(*(uint8_t*)0x2000106d = 0); NONFAILING(*(uint8_t*)0x2000106e = 0xfe); NONFAILING(*(uint8_t*)0x2000106f = 0x80); NONFAILING(*(uint8_t*)0x20001070 = 0); NONFAILING(*(uint8_t*)0x20001071 = 0); NONFAILING(*(uint8_t*)0x20001072 = 0); NONFAILING(*(uint8_t*)0x20001073 = 0); NONFAILING(*(uint8_t*)0x20001074 = 0); NONFAILING(*(uint8_t*)0x20001075 = 0); NONFAILING(*(uint8_t*)0x20001076 = 0); NONFAILING(*(uint8_t*)0x20001077 = 0); NONFAILING(*(uint8_t*)0x20001078 = 0); NONFAILING(*(uint8_t*)0x20001079 = 0); NONFAILING(*(uint8_t*)0x2000107a = 0); NONFAILING(*(uint8_t*)0x2000107b = 0); NONFAILING(*(uint8_t*)0x2000107c = 0); NONFAILING(*(uint8_t*)0x2000107d = 0xaa); NONFAILING(*(uint8_t*)0x2000107e = -1); NONFAILING(*(uint8_t*)0x2000107f = 2); NONFAILING(*(uint8_t*)0x20001080 = 0); NONFAILING(*(uint8_t*)0x20001081 = 0); NONFAILING(*(uint8_t*)0x20001082 = 0); NONFAILING(*(uint8_t*)0x20001083 = 0); NONFAILING(*(uint8_t*)0x20001084 = 0); NONFAILING(*(uint8_t*)0x20001085 = 0); NONFAILING(*(uint8_t*)0x20001086 = 0); NONFAILING(*(uint8_t*)0x20001087 = 0); NONFAILING(*(uint8_t*)0x20001088 = 0); NONFAILING(*(uint8_t*)0x20001089 = 0); NONFAILING(*(uint8_t*)0x2000108a = 0); NONFAILING(*(uint8_t*)0x2000108b = 0); NONFAILING(*(uint8_t*)0x2000108c = 0); NONFAILING(*(uint8_t*)0x2000108d = 1); NONFAILING(*(uint8_t*)0x2000108e = 0xc); NONFAILING(*(uint8_t*)0x2000108f = 0x13); NONFAILING(*(uint8_t*)0x20001090 = 0); NONFAILING(*(uint8_t*)0x20001091 = 0); NONFAILING(*(uint8_t*)0x20001092 = 0); NONFAILING(*(uint8_t*)0x20001093 = 0); NONFAILING(*(uint8_t*)0x20001094 = 0); NONFAILING(*(uint8_t*)0x20001095 = 0); NONFAILING(*(uint8_t*)0x20001096 = 1); NONFAILING(*(uint8_t*)0x20001097 = 4); NONFAILING(*(uint8_t*)0x20001098 = 0); NONFAILING(*(uint8_t*)0x20001099 = 0); NONFAILING(*(uint8_t*)0x2000109a = 0); NONFAILING(*(uint8_t*)0x2000109b = 0); NONFAILING(*(uint8_t*)0x2000109c = 4); NONFAILING(*(uint8_t*)0x2000109d = 1); NONFAILING(*(uint8_t*)0x2000109e = 7); NONFAILING(*(uint8_t*)0x2000109f = 0); NONFAILING(*(uint8_t*)0x200010a0 = 1); NONFAILING(*(uint8_t*)0x200010a1 = 0); NONFAILING(*(uint8_t*)0x200010a2 = 0xc2); NONFAILING(*(uint8_t*)0x200010a3 = 4); NONFAILING(*(uint32_t*)0x200010a4 = htobe32(0xad)); NONFAILING(*(uint8_t*)0x200010a8 = 0); NONFAILING(*(uint8_t*)0x200010a9 = 0x78); NONFAILING(memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120)); NONFAILING(*(uint8_t*)0x20001122 = 0xc2); NONFAILING(*(uint8_t*)0x20001123 = 4); NONFAILING(*(uint32_t*)0x20001124 = htobe32(-1)); NONFAILING(*(uint8_t*)0x20001128 = 1); NONFAILING(*(uint8_t*)0x20001129 = 4); NONFAILING(*(uint8_t*)0x2000112a = 0); NONFAILING(*(uint8_t*)0x2000112b = 0); NONFAILING(*(uint8_t*)0x2000112c = 0); NONFAILING(*(uint8_t*)0x2000112d = 0); NONFAILING(*(uint8_t*)0x2000112e = 0x3a); NONFAILING(*(uint8_t*)0x2000112f = 8); NONFAILING(*(uint8_t*)0x20001130 = 0); NONFAILING(*(uint8_t*)0x20001131 = 0); NONFAILING(*(uint32_t*)0x20001132 = 0); NONFAILING(*(uint8_t*)0x20001136 = -1); NONFAILING(*(uint8_t*)0x20001137 = 2); NONFAILING(*(uint8_t*)0x20001138 = 0); NONFAILING(*(uint8_t*)0x20001139 = 0); NONFAILING(*(uint8_t*)0x2000113a = 0); NONFAILING(*(uint8_t*)0x2000113b = 0); NONFAILING(*(uint8_t*)0x2000113c = 0); NONFAILING(*(uint8_t*)0x2000113d = 0); NONFAILING(*(uint8_t*)0x2000113e = 0); NONFAILING(*(uint8_t*)0x2000113f = 0); NONFAILING(*(uint8_t*)0x20001140 = 0); NONFAILING(*(uint8_t*)0x20001141 = 0); NONFAILING(*(uint8_t*)0x20001142 = 0); NONFAILING(*(uint8_t*)0x20001143 = 0); NONFAILING(*(uint8_t*)0x20001144 = 0); NONFAILING(*(uint8_t*)0x20001145 = 1); NONFAILING(*(uint64_t*)0x20001146 = htobe64(0)); NONFAILING(*(uint64_t*)0x2000114e = htobe64(1)); NONFAILING(*(uint8_t*)0x20001156 = -1); NONFAILING(*(uint8_t*)0x20001157 = 2); NONFAILING(*(uint8_t*)0x20001158 = 0); NONFAILING(*(uint8_t*)0x20001159 = 0); NONFAILING(*(uint8_t*)0x2000115a = 0); NONFAILING(*(uint8_t*)0x2000115b = 0); NONFAILING(*(uint8_t*)0x2000115c = 0); NONFAILING(*(uint8_t*)0x2000115d = 0); NONFAILING(*(uint8_t*)0x2000115e = 0); NONFAILING(*(uint8_t*)0x2000115f = 0); NONFAILING(*(uint8_t*)0x20001160 = 0); NONFAILING(*(uint8_t*)0x20001161 = 0); NONFAILING(*(uint8_t*)0x20001162 = 0); NONFAILING(*(uint8_t*)0x20001163 = 0); NONFAILING(*(uint8_t*)0x20001164 = 0); NONFAILING(*(uint8_t*)0x20001165 = 1); NONFAILING(*(uint8_t*)0x20001166 = 0); NONFAILING(*(uint8_t*)0x20001167 = 0); NONFAILING(*(uint8_t*)0x20001168 = 0); NONFAILING(*(uint8_t*)0x20001169 = 0); NONFAILING(*(uint8_t*)0x2000116a = 0); NONFAILING(*(uint8_t*)0x2000116b = 0); NONFAILING(*(uint8_t*)0x2000116c = 0); NONFAILING(*(uint8_t*)0x2000116d = 0); NONFAILING(*(uint8_t*)0x2000116e = 0); NONFAILING(*(uint8_t*)0x2000116f = 0); NONFAILING(*(uint8_t*)0x20001170 = -1); NONFAILING(*(uint8_t*)0x20001171 = -1); NONFAILING(*(uint32_t*)0x20001172 = htobe32(0xe0000002)); NONFAILING(*(uint8_t*)0x20001176 = 4); NONFAILING(*(uint8_t*)0x20001177 = 4); NONFAILING(*(uint8_t*)0x20001178 = 0); NONFAILING(*(uint8_t*)0x20001179 = 0xfe); NONFAILING(*(uint32_t*)0x2000117a = 0); NONFAILING(*(uint8_t*)0x2000117e = 0xfe); NONFAILING(*(uint8_t*)0x2000117f = 0x80); NONFAILING(*(uint8_t*)0x20001180 = 0); NONFAILING(*(uint8_t*)0x20001181 = 0); NONFAILING(*(uint8_t*)0x20001182 = 0); NONFAILING(*(uint8_t*)0x20001183 = 0); NONFAILING(*(uint8_t*)0x20001184 = 0); NONFAILING(*(uint8_t*)0x20001185 = 0); NONFAILING(*(uint8_t*)0x20001186 = 0); NONFAILING(*(uint8_t*)0x20001187 = 0); NONFAILING(*(uint8_t*)0x20001188 = 0); NONFAILING(*(uint8_t*)0x20001189 = 0); NONFAILING(*(uint8_t*)0x2000118a = 0); NONFAILING(*(uint8_t*)0x2000118b = 0); NONFAILING(*(uint8_t*)0x2000118c = 0); NONFAILING(*(uint8_t*)0x2000118d = 0xaa); NONFAILING(*(uint8_t*)0x2000118e = 0xfe); NONFAILING(*(uint8_t*)0x2000118f = 0x80); NONFAILING(*(uint8_t*)0x20001190 = 0); NONFAILING(*(uint8_t*)0x20001191 = 0); NONFAILING(*(uint8_t*)0x20001192 = 0); NONFAILING(*(uint8_t*)0x20001193 = 0); NONFAILING(*(uint8_t*)0x20001194 = 0); NONFAILING(*(uint8_t*)0x20001195 = 0); NONFAILING(*(uint8_t*)0x20001196 = 0); NONFAILING(*(uint8_t*)0x20001197 = 0); NONFAILING(*(uint8_t*)0x20001198 = 0); NONFAILING(*(uint8_t*)0x20001199 = 0); NONFAILING(*(uint8_t*)0x2000119a = 0); NONFAILING(*(uint8_t*)0x2000119b = 0); NONFAILING(*(uint8_t*)0x2000119c = 0); NONFAILING(*(uint8_t*)0x2000119d = 0xaa); NONFAILING(*(uint8_t*)0x2000119e = 8); NONFAILING(*(uint8_t*)0x2000119f = 0); NONFAILING(*(uint8_t*)0x200011a0 = 0xcc); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2)); NONFAILING(STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5)); NONFAILING(*(uint32_t*)0x200011a2 = 0x66); NONFAILING(*(uint8_t*)0x200011a6 = 0x2e); NONFAILING(*(uint8_t*)0x200011a7 = 6); NONFAILING(*(uint8_t*)0x200011a8 = 0); NONFAILING(*(uint8_t*)0x200011a9 = 0); NONFAILING(*(uint8_t*)0x200011aa = 0); NONFAILING(*(uint8_t*)0x200011ab = 0); NONFAILING(*(uint8_t*)0x200011ac = 0); NONFAILING(*(uint8_t*)0x200011ad = 0); NONFAILING(*(uint8_t*)0x200011ae = 4); NONFAILING(*(uint8_t*)0x200011af = 1); NONFAILING(*(uint8_t*)0x200011b0 = 0x1d); NONFAILING(*(uint8_t*)0x200011b1 = 1); NONFAILING(*(uint8_t*)0x200011b2 = 4); NONFAILING(*(uint8_t*)0x200011b3 = 0); NONFAILING(*(uint8_t*)0x200011b4 = 0); NONFAILING(*(uint8_t*)0x200011b5 = 0); NONFAILING(*(uint8_t*)0x200011b6 = 0); NONFAILING(*(uint8_t*)0x200011b7 = 5); NONFAILING(*(uint8_t*)0x200011b8 = 0x28); NONFAILING(memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40)); NONFAILING(*(uint8_t*)0x200011e6 = 0x67); NONFAILING(*(uint8_t*)0x200011e7 = 5); NONFAILING(*(uint8_t*)0x200011e8 = 0); NONFAILING(*(uint8_t*)0x200011e9 = 0); NONFAILING(*(uint8_t*)0x200011ea = 0); NONFAILING(*(uint8_t*)0x200011eb = 0); NONFAILING(*(uint8_t*)0x200011ec = 0); NONFAILING(*(uint8_t*)0x200011ed = 0); NONFAILING(*(uint8_t*)0x200011ee = 4); NONFAILING(*(uint8_t*)0x200011ef = 1); NONFAILING(*(uint8_t*)0x200011f0 = 0x1f); NONFAILING(*(uint8_t*)0x200011f1 = 1); NONFAILING(*(uint8_t*)0x200011f2 = 7); NONFAILING(*(uint8_t*)0x200011f3 = 0); NONFAILING(*(uint8_t*)0x200011f4 = 0); NONFAILING(*(uint8_t*)0x200011f5 = 0); NONFAILING(*(uint8_t*)0x200011f6 = 0); NONFAILING(*(uint8_t*)0x200011f7 = 0); NONFAILING(*(uint8_t*)0x200011f8 = 0); NONFAILING(*(uint8_t*)0x200011f9 = 0); NONFAILING(*(uint8_t*)0x200011fa = 5); NONFAILING(*(uint8_t*)0x200011fb = 2); NONFAILING(*(uint16_t*)0x200011fc = htobe16(4)); NONFAILING(*(uint8_t*)0x200011fe = 4); NONFAILING(*(uint8_t*)0x200011ff = 1); NONFAILING(*(uint8_t*)0x20001200 = 0x43); NONFAILING(*(uint8_t*)0x20001201 = 4); NONFAILING(*(uint8_t*)0x20001202 = 1); NONFAILING(*(uint8_t*)0x20001203 = 0x7f); NONFAILING(*(uint8_t*)0x20001204 = 0); NONFAILING(*(uint8_t*)0x20001205 = 1); NONFAILING(*(uint8_t*)0x20001206 = 0); NONFAILING(*(uint8_t*)0x20001207 = 0); NONFAILING(*(uint8_t*)0x20001208 = 1); NONFAILING(*(uint8_t*)0x20001209 = 0); NONFAILING(*(uint8_t*)0x2000120a = 1); NONFAILING(*(uint8_t*)0x2000120b = 1); NONFAILING(*(uint8_t*)0x2000120c = 0); NONFAILING(*(uint8_t*)0x2000120d = 0xc2); NONFAILING(*(uint8_t*)0x2000120e = 4); NONFAILING(*(uint32_t*)0x2000120f = htobe32(6)); NONFAILING(*(uint8_t*)0x20001213 = 0xc2); NONFAILING(*(uint8_t*)0x20001214 = 4); NONFAILING(*(uint32_t*)0x20001215 = htobe32(2)); NONFAILING(*(uint8_t*)0x2000121e = 0x31); NONFAILING(*(uint8_t*)0x2000121f = 0); NONFAILING(*(uint8_t*)0x20001220 = 0); NONFAILING(*(uint8_t*)0x20001221 = 0); NONFAILING(*(uint8_t*)0x20001222 = 0); NONFAILING(*(uint8_t*)0x20001223 = 0); NONFAILING(*(uint8_t*)0x20001224 = 0); NONFAILING(*(uint8_t*)0x20001225 = 0); NONFAILING(*(uint8_t*)0x20001226 = 4); NONFAILING(*(uint8_t*)0x20001227 = 1); NONFAILING(*(uint8_t*)0x20001228 = 0x7e); NONFAILING(*(uint16_t*)0x2000122e = htobe16(0x4e22)); NONFAILING(*(uint16_t*)0x20001230 = htobe16(0x4e23)); NONFAILING(*(uint16_t*)0x20001232 = htobe16(8)); NONFAILING(*(uint16_t*)0x20001234 = htobe16(0)); NONFAILING(memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248)); struct csum_inet csum_1; csum_inet_init(&csum_1); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16)); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16)); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); NONFAILING(csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8)); NONFAILING(*(uint16_t*)0x20001234 = csum_inet_digest(&csum_1)); break; case 11: NONFAILING(memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63)); NONFAILING(syz_execute_func(0x20001340)); break; case 12: break; case 13: NONFAILING(syz_open_pts()); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); install_segv_handler(); use_temporary_dir(); do_sandbox_none(); return 0; } :359:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :357:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor415264307 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/15 (6.29s) csource_test.go:124: opts: {Threaded:true Collide:true Repeat:true RepeatTimes:0 Procs:2 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; int collide = 0; again: for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (collide && (call % 2) == 0) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); if (!collide) { collide = 1; goto again; } } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21 + procid*4); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21 + procid*4); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22 + procid*4; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul + procid*4, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0 + procid*1; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0 + procid*1; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0 + procid*1; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0 + procid*1; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0 + procid*1; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22 + procid*4); *(uint16_t*)0x20001230 = htobe16(0x4e23 + procid*4); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); for (procid = 0; procid < 2; procid++) { if (fork() == 0) { use_temporary_dir(); do_sandbox_none(); } } sleep(1000000); return 0; } :342:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :340:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor587653272 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/0 (6.54s) csource_test.go:124: opts: {Threaded:false Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { if (setsid() == -1) exit(1); struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_one(void) { intptr_t res = 0; *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); res = syscall(SYS_getuid); if (res != -1) r[0] = res; *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; syscall(SYS_msgctl, r[1], 0ul, 0); *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); syz_open_pts(); } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :193:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :191:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor955397273 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/13 (6.30s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:true Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :332:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :330:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor494218519 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/14 (6.41s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:true} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { fprintf(stderr, "### start\n"); int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; res = syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); fprintf(stderr, "### call=0 errno=%u\n", res == -1 ? errno : 0); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; res = syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); fprintf(stderr, "### call=1 errno=%u\n", res == -1 ? errno : 0); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; res = syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); fprintf(stderr, "### call=2 errno=%u\n", res == -1 ? errno : 0); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; res = syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); fprintf(stderr, "### call=3 errno=%u\n", res == -1 ? errno : 0); break; case 4: res = syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); fprintf(stderr, "### call=4 errno=%u\n", res == -1 ? errno : 0); break; case 5: res = syscall(SYS_getuid); fprintf(stderr, "### call=5 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; res = syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); fprintf(stderr, "### call=6 errno=%u\n", res == -1 ? errno : 0); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); res = syscall(SYS_lchown, 0x20000280ul, r[0], 0); fprintf(stderr, "### call=7 errno=%u\n", res == -1 ? errno : 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); fprintf(stderr, "### call=8 errno=%u\n", res == -1 ? errno : 0); if (res != -1) r[1] = res; break; case 9: res = syscall(SYS_msgctl, r[1], 0ul, 0); fprintf(stderr, "### call=9 errno=%u\n", res == -1 ? errno : 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); (void)res; break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); res = -1; errno = EFAULT; res = syz_execute_func(0x20001340); fprintf(stderr, "### call=11 errno=%u\n", res == -1 ? errno : 0); break; case 12: (void)res; break; case 13: res = -1; errno = EFAULT; res = syz_open_pts(); fprintf(stderr, "### call=13 errno=%u\n", res == -1 ? errno : 0); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :331:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :329:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor517297654 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/10 (8.02s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long long procid; static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static int tunfd = -1; #define MAX_TUN 4 #define TUN_IFACE "tap%d" #define TUN_DEVICE "/dev/tap%d" #define LOCAL_MAC "aa:aa:aa:aa:aa:aa" #define REMOTE_MAC "aa:aa:aa:aa:aa:bb" #define LOCAL_IPV4 "172.20.%d.170" #define REMOTE_IPV4 "172.20.%d.187" #define LOCAL_IPV6 "fe80::%02hxaa" #define REMOTE_IPV6 "fe80::%02hxbb" static void vsnprintf_check(char* str, size_t size, const char* format, va_list args) { int rv = vsnprintf(str, size, format, args); if (rv < 0) exit(1); if ((size_t)rv >= size) exit(1); } static void snprintf_check(char* str, size_t size, const char* format, ...) { va_list args; va_start(args, format); vsnprintf_check(str, size, format, args); va_end(args); } #define COMMAND_MAX_LEN 128 #define PATH_PREFIX "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin " #define PATH_PREFIX_LEN (sizeof(PATH_PREFIX) - 1) static void execute_command(bool panic, const char* format, ...) { va_list args; va_start(args, format); char command[PATH_PREFIX_LEN + COMMAND_MAX_LEN]; memcpy(command, PATH_PREFIX, PATH_PREFIX_LEN); vsnprintf_check(command + PATH_PREFIX_LEN, COMMAND_MAX_LEN, format, args); va_end(args); int rv = system(command); if (rv) { if (panic) exit(1); } } static void initialize_tun(int tun_id) { if (tun_id < 0 || tun_id >= MAX_TUN) { exit(1); } char tun_device[sizeof(TUN_DEVICE)]; snprintf_check(tun_device, sizeof(tun_device), TUN_DEVICE, tun_id); char tun_iface[sizeof(TUN_IFACE)]; snprintf_check(tun_iface, sizeof(tun_iface), TUN_IFACE, tun_id); execute_command(0, "ifconfig %s destroy", tun_device); tunfd = open(tun_device, O_RDWR | O_NONBLOCK); if (tunfd == -1) { printf("tun: can't open %s: errno=%d\n", tun_device, errno); return; } const int kTunFd = 240; if (dup2(tunfd, kTunFd) < 0) exit(1); close(tunfd); tunfd = kTunFd; char local_mac[sizeof(LOCAL_MAC)]; snprintf_check(local_mac, sizeof(local_mac), LOCAL_MAC); execute_command(1, "ifconfig %s lladdr %s", tun_iface, local_mac); char local_ipv4[sizeof(LOCAL_IPV4)]; snprintf_check(local_ipv4, sizeof(local_ipv4), LOCAL_IPV4, tun_id); execute_command(1, "ifconfig %s inet %s netmask 255.255.255.0", tun_iface, local_ipv4); char remote_mac[sizeof(REMOTE_MAC)]; char remote_ipv4[sizeof(REMOTE_IPV4)]; snprintf_check(remote_mac, sizeof(remote_mac), REMOTE_MAC); snprintf_check(remote_ipv4, sizeof(remote_ipv4), REMOTE_IPV4, tun_id); execute_command(0, "arp -s %s %s", remote_ipv4, remote_mac); char local_ipv6[sizeof(LOCAL_IPV6)]; snprintf_check(local_ipv6, sizeof(local_ipv6), LOCAL_IPV6, tun_id); execute_command(1, "ifconfig %s inet6 %s", tun_iface, local_ipv6); char remote_ipv6[sizeof(REMOTE_IPV6)]; snprintf_check(remote_ipv6, sizeof(remote_ipv6), REMOTE_IPV6, tun_id); execute_command(0, "ndp -s %s%%%s %s", remote_ipv6, tun_iface, remote_mac); } static long syz_emit_ethernet(volatile long a0, volatile long a1) { if (tunfd < 0) return (uintptr_t)-1; size_t length = a0; const char* data = (char*)a1; return write(tunfd, data, length); } static int read_tun(char* data, int size) { if (tunfd < 0) return -1; int rv = read(tunfd, data, size); if (rv < 0) { if (errno == EAGAIN) return -1; exit(1); } return rv; } struct tcp_resources { uint32_t seq; uint32_t ack; }; static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile long a2) { if (tunfd < 0) return (uintptr_t)-1; char data[1000]; int rv = read_tun(&data[0], sizeof(data)); if (rv == -1) return (uintptr_t)-1; size_t length = rv; if (length < sizeof(struct ether_header)) return (uintptr_t)-1; struct ether_header* ethhdr = (struct ether_header*)&data[0]; struct tcphdr* tcphdr = 0; if (ethhdr->ether_type == htons(ETHERTYPE_IP)) { if (length < sizeof(struct ether_header) + sizeof(struct ip)) return (uintptr_t)-1; struct ip* iphdr = (struct ip*)&data[sizeof(struct ether_header)]; if (iphdr->ip_p != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ether_header) + iphdr->ip_hl * 4 + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ether_header) + iphdr->ip_hl * 4]; } else { if (length < sizeof(struct ether_header) + sizeof(struct ip6_hdr)) return (uintptr_t)-1; struct ip6_hdr* ipv6hdr = (struct ip6_hdr*)&data[sizeof(struct ether_header)]; if (ipv6hdr->ip6_nxt != IPPROTO_TCP) return (uintptr_t)-1; if (length < sizeof(struct ether_header) + sizeof(struct ip6_hdr) + sizeof(struct tcphdr)) return (uintptr_t)-1; tcphdr = (struct tcphdr*)&data[sizeof(struct ether_header) + sizeof(struct ip6_hdr)]; } struct tcp_resources* res = (struct tcp_resources*)a0; res->seq = htonl(ntohl(tcphdr->th_seq) + (uint32_t)a1); res->ack = htonl(ntohl(tcphdr->th_ack) + (uint32_t)a2); return 0; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); initialize_tun(procid); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); syz_emit_ethernet(0x132e, 0x20000000); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: syz_extract_tcp_res(0x20001380, 0xfff, 9); break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :498:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :496:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor682427101 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/11 (11.36s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:false HandleSegv:false Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); do_sandbox_none(); return 0; } :278:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :276:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor533203338 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/5 (7.79s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :330:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :328:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor302538048 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/1 (7.54s) csource_test.go:124: opts: {Threaded:true Collide:false Repeat:true RepeatTimes:0 Procs:0 Slowdown:1 Sandbox:none Fault:false FaultCall:0 FaultNth:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false USB:false VhciInjection:false Wifi:false Sysctl:false UseTmpDir:true HandleSegv:false Repro:false Trace:false} program: setsockopt$sock_int(0xffffffffffffffff, 0xffff, 0x1008, &(0x7f0000000000), 0x4) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffff9c, 0x29, 0x69, &(0x7f0000000040)={{0x18, 0x1, 0x6, 0x7ff}, {0x18, 0x1, 0xf1, 0x401}, 0x6, [0x4, 0x7f, 0x6, 0xfffff4a4, 0xff, 0x7, 0xfffffffa, 0x3000]}, 0x3c) sysctl$net_inet6_icmp6(&(0x7f0000000080)={0x4, 0x18, 0x3a, 0x12}, 0x4, &(0x7f00000000c0)="e5176f41d368d7e2377244eb23", &(0x7f0000000100)=0xd, &(0x7f0000000140), 0x0) ioctl$FIOASYNC(0xffffffffffffffff, 0x8004667d, &(0x7f0000000180)=0x2b3) ioctl$WSKBDIO_GETDEFAULTKEYREPEAT(0xffffffffffffff9c, 0x400c570a, &(0x7f00000001c0)) r0 = getuid() recvfrom$unix(0xffffffffffffffff, &(0x7f0000000200)=""/49, 0x31, 0x80, &(0x7f0000000240)=@abs={0x0, 0x0, 0x2}, 0x8) lchown(&(0x7f0000000280)='./file0\x00', r0, 0x0) r1 = msgget(0x1, 0x240) msgctl$IPC_RMID(r1, 0x0) syz_emit_ethernet(0x132e, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x2, 0x6, "2d4bd2", 0x12f8, 0x4, 0xe1, @local={0xfe, 0x80, [], 0x0}, @remote={0xfe, 0x80, [], 0x0}, {[@dstopts={0x2f, 0x200, [], [@enc_lim={0x4, 0x1, 0x7}, @generic={0x81, 0x1000, "309f1429fbbf44ea6dfcb77604167515e7d99bf307e0dada5cf94f05f0c33e006832d841a570947d38387dc0a06584c57528d03e1dd154b92fb21144744a6960aa7731a56ef43b9c5c19cfdb39efb9bf0c3c63be7b5ff24a419a318df8f030f373e1ece97ff51ca8dfd55219f3044987afa304d11bfa46c0ce4da0d6bfd91493b74f4abae6acc521d655692cb22b1fc16f4149bb659a9e14f3c3220f909f3f02cf99c1d444e61981d0cdd37a689f19697037ccce521a18550d11e16d6ee7c3b776f2e0a673b4eb2f1f927797ba1a46166d16fa98f89fff2ef31ad906facc5ccd4bfec5ee2426e6a8500ecd6f375530b586bb7ded6d61b961a8d20ef9d7c1245294d7d327ae88c578d395e92d7c88e265d02bcad3d222836bcd37cf73ff900fdf0800958b4be5cb056a53e60da94e68bdea09c49b3cf6de3b009da0c31530e96d8bef92816a41fead31e1600ef28e3ef485c61aeb05a75f0abdf9dd7cb00ab51817f9772f1b46376466987bbdc5522b7a43f7cd156e65e744c7993340f28b4f91905484266e801469f6a3d22ee4121188aee3fef696d0ba2e420c090be48dd556db9bb0c9a77b823f8417ae3f7438d840191c3226b2e473243f6f6d8026716147982f1c9f19fe28fe6c7d52b4d645c9fb2abade04843cf32576b54dd821cf6cea270bcb8cef245d87f3209f8bc1f5fe51e8f2343417ff0bbcd9ac32307ac0357cb7f6873d7fce322c76233dc838cd427b82512a7d08a47e01f49d89319ad846972241772ba04d738ed91e408a23aaf38d35fd2bd05479309e1560b58a2865480ef1058b46edcea99b05d2ec13f24ec0623b6a9f6ec838957b45828123c32c136f939af016aa4992cd06756fe192251f9cf1b2ed7f0ff520945db59d6c81045294ad1c39728503e2207c4459d4a67651c5ba6192a2f7c23a431b07e847794d73bbffdf896cead16d164711e842fb9e4de1933e592b2899c6c3d9b6a4a62fa52b4c220605b21bcf8c53f9918860856ff810eb9c00389a60bef74c0d53128eebd8814b7574c5b14a5dca7ae0e100034190db2b70c730278d38514a1530302b01f7cdeaaac6781b3081db8aac269ad0932aa5b384c4d9589723403d5791acaffc85b86e62f89d31f3d39d946c34444be1eeb3ad1cd970caa07c67a8b2253a5680773e8bfbec50f63b2181ace2d0ede0581bcfca6ff2f8a8a630526d13cbc4d417a155390e914df78eb068112faffdaba591e49a5e6dc2392db56004d6e86e72a205279c873d3964dbfb8be743c347baeac13d9e71b87668643ee3bd1c076e058fe4dcb54ce2fde3f66f6c257c15dad5b842f9821aca8e144adc2b10258d984db0b664db0b6e747160fe2c5b55736af95b206f44ef1b7317031454ec2dd27becd50189656fc36eb8afc9b49b1f3b38259f7487654a6b0a966b799fd784ecc68ed9976c77dc396faca9cdbc68f955a469044211e91dd0795d8f54c04bf72d4d0b31dbc2d5cf24ded7819690bd900c67f279f7b0734c667dda25184a52e2455613b8cb15be78a9c99528276f88483ee73054d16030c030035002f7fb2ede134aae16d4d2c551ad71c6dad3a776abdb0491169223a6648b9af17590a5069b604ad5f23cb32512890e10adbc8e7e44600b1966303b25c85792b2947910ec9dceecac03f9b34329b8a54412ff43b5a92ffabdc6f21f4654bbab357972b5eea69fd807e827d593723175d7a717e2a07f0720be6d4ca817c98a7e6a92f45be2f9c1f56e4cf0cd8b7d62a177f9239098460278f23d9abceaf811bb31f3f3e5bb8366b585995b7366eeb655dc0482c0b1bfc7e765dbbb2babd1076209726ca6730d9f854994516418efcfec48e9e34e51d458b2bd0442c65fd607bf3e9678e29d10a29a52cafb4325e81218c737f0932a34e24997a393f78586a9d056cd797285b8786ae92822bb0af7394b33d2dd81a75579e3ded8bc88578a2a0509ea1a10fe07588b0017cf00869f02bd8ec51224113adfac2bc4a5ead0ff8353ae8c156541a47fb78b90a4bc3612194ecdd31626f3bc8baf44c7d2c3233522604c75656d57806d03115f1b2c2dd8a2b239e6e284e49da34b7e98ccc23401346ba38d071bb988ee79c2c394e92f5502ee5a661ddc9fa6407ce030898f3f43f3cb05b5dce1ada0b50707d61a5009cdf5f5b2a15f1861d15e3c6dc892dd8e317dcb9fb82f92e63e5714981c3f9736194579c2079fc8fce67799e06a0495543363e6ef5c3ecf7b23504487bf8da7362244c06e084a1302d949c73ac652608d91f3a88340d7c71817fb70232f100ad3bff55679238ae26bda5de16e2b3a0bd9db7096db88922979d4a28515b99b91587b680286a07ad8a00b6e4a04f8c7434ded1cdce2a60f65065790f264f6da646279c8187cd6fc9dad808baf0b5df1d57c66156a50c4ce4405060739c5199a9814d0a7e93b1f1cdb193385ff1aa383c290b9729328ca8be81f45e8793dbb4cf2d5bd1045185f1b8660199407dff2ffbab287e7b483d3760a796d92ed7fd9e3ccb9f7e938de05f9928adc9b73cefaf660a4c4782b6e24564dbe01aa6525959e264fc0a75573b79bd011ed5f1681e5c45760c198b00cb66282c2bddce6e5d1378f13b6d4dae013edd6167e9c4281227b789f48de75b461ed0696698ecf61953ab84f44e7d0ad05018886dfff604bde5abbdbdb21fec8e6cafdf00b60a776bf8f52fba8c8b97fbed6e4fed187608a5780fa67603aa799ff8318e843a5c115ff3bed2b5f05e414d23a3a9ae9a02796f7ee60ea0c4a1fe6f549815626ea74d82d18fbcdb5b2493c2e4676997eeae51281a1f1223fd6b1d356301be271be8516eaa40961927601593bee9d22fef1133de3a51cf25911bfd12ec45d2ae0d1209884af35ccccd6b58899f96ac6051dd7b5519c0602db5836ad43725013f8e0add2ea2623394677b21151a83beb624d28fef258d228842b4ae27bd35558006621da16cff4ac62b0f2162a9301280339bc176f6077d30682da90bdf49a77cb85a4199b728546953d9016137a4fd7f5a5fc97f373c9eacd0f8689dd98e7c7def3977c8b7691d52155e40568afc6e468a541117b55e3855e8eb716be8e52084e150e2017feb61dac20a9afe31285f2320be0886760c87f1e088924eb9952529559c356a602c11fe062c34370d8b55cb408589f1239f1d73d4b8dd1cf58bf4b3c04ff9fad12fa6d8b425d514e2ed12651bbc27ede2df1f77d6e58a769a0f5f4b3f0560a17470895bb728d96cdcb72ddb590dc7d8a592b9be237277957defe70cd3fe2f050eab0d7aac49456c91e8b8398f7fb5155acb6ddacdaa07c9d39c780d3db8be44ae52d8f38c944aafe01336fed084614d9d0827c941733c68d340c6fbbf0b896fb3b196ebd3f60df894f7f77123e549e0ffc1749bec0abb56d613950825acb923519c3899122833e24adaad426f5747c41e3d6526ed2619a68ea7184c04e8a12490a689a5a386fcb0494a4d0a59097309c909efefb21d40b9deaa9ee81016c76c320b00d66efb58f2673203151f6a5a2b162de9d41df2baa0e6ec8c1bc5b7f182f64349a9ff7cb4ca7b45691d29d8e561fa87a5aa832db5cd4661715cb12d0c2b9cc5850fc61822be2a33adf94db874ef8773215dfda5883df4f2298c72a680a968527e04e2b7356c0ce777d5ab3516392420cf0ad5b98ea86e501fd421e0ee5f55f0d4953ad34db6b3a5cc672e7196e8a66d786a1f79b726e5b2c14400ea1cac40e9d4e5349a0cdc0f7fb118c92a60a32023ef5c7f3eda351da637858bf113ec432355ec171d2fd5ea94c9c9dab59bdea074248b5dc04fe117a06aa3b48cf8b4b368f390360e98c2e691374bd7d66f973c0de6f1d35c82cc09e0b705649a933a321d6333c8c38e885ecc29e947d9860e98c0a7d1ded7892270d3afe25e87331184237fff225e4935ad5523066fd6dfa6e13ea9329570d89dafabda4a7e1bda655d6c5267a51e2be6e5a594920ac9b3722824c775986866ec435f6d03858322e50ba971277a31ec95c95acd6a020c97a44885d642cdbfc43ae801ab3825a52ff768caf98320aace618580b52b8049ced13e6568bb8ac559d7c612e10b7c8f131b593fc92f92e8d693ee138e2a41c8b2b24efaa7f857ac3f8abbe68c9506e83f6f4e3d9e8ba5b49b6c2dd5efb6f531067ea7b10e13861ee6f3626292077288fa3a217977a12fa86020045e9f3b2815da85ccdb22450362676c03ad9cf65761361358d2f9bae7d14527c3f161daeaae8b830ba6b95f3e842a64abf3d44f95f0fce79ad169c9fa02b9d40d1e261f49a65b414ef95a6d254c04c7ecb59137ff110b605d6ad45cc9822111d7eca62353f125937f3d5c1484f5c80a91848da4a8d225e57d290b2660f15ace1e56747c6defae3902e58d8f1a34e2c37245769321f38f8df7822fd5cf727a4f80511ed5011b172a7f0e657ca0d67814d2f6ed76589c756ba6b3753ed3ad73741b740c3eb3e16eaa9e7a8dc6d51b26db8607aff0c0d2721b14bd0f8abf9d184c6223cc37ca2d2163801d386435245d09bc3daa0197e3905c6f8c4638e6d3d5aaa93ec9c079197190a799e3872ad6cf55d2c592901544c21b7f91c056ef104e66ebb4c65610c8146637383f78f9b21662ddfb76eddc0e8aceb66182c07c6e5a04f975bdbef521cf9d5bcf5cc78a49f3c17467b1eaac325b0eaa4289806bbe0eeb692401791e5eb8377e346ca7a94c4e2b029ee20acdf73b57b0d27114d8138e16d6bb7dc58e2ed0beb6250ada0dea13cba1ce48c303a0f1326c82e4afed636a8018a55be66a019a60bc90c4b546980029fb6a9b9ce0eb706496c1661a8adccd6dba6788e8300c0ead906e391d974a99c6d3787791c1d6c67a540f920808b1b0e0365371a1fd5876baa0eb0fcd4a83d7f04e0d6be1ecfa148a2e8990591f0385e28a71593a5b66c4cec1d837c0fe30ab9bbd9a3a365f9c24cad060c97670016abd6960efe468d7f70116179a28032e9afa5d7859dd4e50276293c5c3d52d852e4448bdb27c2ed27d327fb48518ef5361bc779b7d3047ef6bf116d3607c6fea69f82003a2ea0076b817e9dc879cf2d32a1299061a68da5472011a67ff5488fe74022c7479dca9498a36fe6a21bfa902782a1aaafb03b67b167b902feef4dcc7ce10e9d7ed82795ee2303bc6e009ebe23b5745b9dd4af77561e7db90ed8e3777b9e806918dff8e168effa1f2e5eb1052e75ee2480c21ca55f18bd69b94aa0ef208b81d47f4e571701fd96fd19ebc3ceb852335ace6a3a58ce67e4cc0b0cf4fc4d368416cd27cfcf41483989406413f872858d967e7b1c6c0c26b8247071b7e71b4c70fb9d8ee27be46c3455e37ae91a6dcf0c50951a0b6daf30bce15a249c51b6b0d2e29b0140a7fb3b78fdc39f8f98a8eea71e2cf4a6fcf3edcbec5fd6becb4fe0afb315bf649b980038b0a6a8b533f304cbdb293c83ec29227b9aa3376ad314a05d75f6c3b20febaa94949d0f916af51420da36245db34184098813aae1df307619fc869e0358618623aece7793ed09932889bb289b4c46d9c72b5575bb7facd947b5722fba9afbce02c484896da85a2cc86f89c5be6b96e3fc21317ce0eae79be0a501d8a509b14b7b0d165a29422cdba76561af88672a28c6c44817c1fa77badd8818350a54ffda30f017607675feecec2ed09c3587d58bb54febe812dfcf4e2c0525017bdd57e52d9bb54ae560838884f774b9ac4fe389ad2e75630605287134436bb5f093d8593f6cde2eccd9d1bb90a9a1b9d0e1f09e231102"}]}, @routing={0x67, 0x8, 0x0, 0x9, 0x0, [@mcast2, @empty, @local={0xfe, 0x80, [], 0x0}, @mcast2]}, @hopopts={0xc, 0x13, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7}, @pad1, @jumbo={0xc2, 0x4, 0xad}, @generic={0x0, 0x78, "e213cba9b58515e7f0d1f0e7e44e3aa0fb01f8128487698051d9a19f17fbf8f0d1cf8a1dfa1773f45ab695763a8c8b9362b85b3007cec47790a524a2ed20d669a95b00d401bb0c7582b9cc1854e97cf3100d5459560f06c99f3c2b0c076c88468f563c4057716a4d7afc6426a5243a78263d8844778a2ee4"}, @jumbo={0xc2, 0x4, 0xffffffff}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x3a, 0x8, 0x0, 0x0, 0x0, [@mcast2, @loopback, @mcast2, @ipv4={[], [], @multicast2}]}, @routing={0x4, 0x4, 0x0, 0xfe, 0x0, [@local={0xfe, 0x80, [], 0x0}, @local={0xfe, 0x80, [], 0x0}]}, @fragment={0x8, 0x0, 0xcc, 0x1, 0x0, 0x7, 0x66}, @dstopts={0x2e, 0x6, [], [@enc_lim={0x4, 0x1, 0x1d}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0x5, 0x28, "6376154e034d84681438cf3fb73901037bc12056d616f40657e13af69d941c9bebbf3228169bea1a"}]}, @hopopts={0x67, 0x5, [], [@enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x4}, @enc_lim={0x4, 0x1, 0x43}, @enc_lim={0x4, 0x1, 0x7f}, @pad1, @pad1, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x6}, @jumbo={0xc2, 0x4, 0x2}]}, @hopopts={0x31, 0x0, [], [@enc_lim={0x4, 0x1, 0x7e}]}], @udp={{0x2, 0x3, 0x8}, {"b78e7d4c606c0e10c0ab4fa012914a360e69095629346a089adb198edc491e0a3d7e8684cc2e5995a2dd94191cf190512f384cc3344fd9d48a51525939aa816683bef7a188aa1762a82f764118c936a3311edceedfcacc34148073f1db608e86d5dc356373856e4b5826712166420f9865e1936abeb2cf33fbd6133ecfdedb33a97935e3e438b8fa0d992bac3dacf0472905fb84a2fb06f85d9de078134c89f51d5179898e16b4ac969d679db8c6a680d95f9aec7b108e89d926414a114ec6375088d02e86e6e578b5d37386fb0de5b246db95ff3dccb4356243140f150021297f6269b30b9f9bba3ee57da3be4fe361f1fab2fc0380495c"}}}}}}}) syz_execute_func(&(0x7f0000001340)="f3083fc481f92f669b660f38f6c7c4e2152c8f00000000660f572326653e440f93a4720000000047d878ccc481e9f67840c481625ae4c4c161ec9d00000000") syz_extract_tcp_res(&(0x7f0000001380), 0xfff, 0x9) syz_open_pts() csource_test.go:125: failed to build program: // autogenerated by syzkaller (https://github.com/google/syzkaller) #define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void kill_and_wait(int pid, int* status) { kill(pid, SIGKILL); while (waitpid(-1, status, 0) != pid) { } } static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void use_temporary_dir(void) { char tmpdir_template[] = "./syzkaller.XXXXXX"; char* tmpdir = mkdtemp(tmpdir_template); if (!tmpdir) exit(1); if (chmod(tmpdir, 0777)) exit(1); if (chdir(tmpdir)) exit(1); } static void __attribute__((noinline)) remove_dir(const char* dir) { DIR* dp = opendir(dir); if (dp == NULL) { if (errno == EACCES) { if (rmdir(dir)) exit(1); return; } exit(1); } struct dirent* ep = 0; while ((ep = readdir(dp))) { if (strcmp(ep->d_name, ".") == 0 || strcmp(ep->d_name, "..") == 0) continue; char filename[FILENAME_MAX]; snprintf(filename, sizeof(filename), "%s/%s", dir, ep->d_name); struct stat st; if (lstat(filename, &st)) exit(1); if (S_ISDIR(st.st_mode)) { remove_dir(filename); continue; } if (unlink(filename)) exit(1); } closedir(dp); if (rmdir(dir)) exit(1); } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } typedef struct { pthread_mutex_t mu; pthread_cond_t cv; int state; } event_t; static void event_init(event_t* ev) { if (pthread_mutex_init(&ev->mu, 0)) exit(1); if (pthread_cond_init(&ev->cv, 0)) exit(1); ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { pthread_mutex_lock(&ev->mu); if (ev->state) exit(1); ev->state = 1; pthread_mutex_unlock(&ev->mu); pthread_cond_broadcast(&ev->cv); } static void event_wait(event_t* ev) { pthread_mutex_lock(&ev->mu); while (!ev->state) pthread_cond_wait(&ev->cv, &ev->mu); pthread_mutex_unlock(&ev->mu); } static int event_isset(event_t* ev) { pthread_mutex_lock(&ev->mu); int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; pthread_mutex_lock(&ev->mu); for (;;) { if (ev->state) break; uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; pthread_cond_timedwait(&ev->cv, &ev->mu, &ts); now = current_time_ms(); if (now - start > timeout) break; } int res = ev->state; pthread_mutex_unlock(&ev->mu); return res; } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) struct csum_inet { uint32_t acc; }; static void csum_inet_init(struct csum_inet* csum) { csum->acc = 0; } static void csum_inet_update(struct csum_inet* csum, const uint8_t* data, size_t length) { if (length == 0) return; size_t i = 0; for (; i < length - 1; i += 2) csum->acc += *(uint16_t*)&data[i]; if (length & 1) csum->acc += le16toh((uint16_t)data[length - 1]); while (csum->acc > 0xffff) csum->acc = (csum->acc & 0xffff) + (csum->acc >> 16); } static uint16_t csum_inet_digest(struct csum_inet* csum) { return ~csum->acc; } #define __syscall syscall static uintptr_t syz_open_pts(void) { int master, slave; if (openpty(&master, &slave, NULL, NULL, NULL) == -1) return -1; if (dup2(master, master + 100) != -1) close(master); return slave; } static void sandbox_common() { struct rlimit rlim; rlim.rlim_cur = rlim.rlim_max = 8 << 20; setrlimit(RLIMIT_MEMLOCK, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_FSIZE, &rlim); rlim.rlim_cur = rlim.rlim_max = 1 << 20; setrlimit(RLIMIT_STACK, &rlim); rlim.rlim_cur = rlim.rlim_max = 0; setrlimit(RLIMIT_CORE, &rlim); rlim.rlim_cur = rlim.rlim_max = 256; setrlimit(RLIMIT_NOFILE, &rlim); } static void loop(); static int do_sandbox_none(void) { sandbox_common(); loop(); return 0; } static long syz_execute_func(volatile long text) { ((void (*)(void))(text))(); return 0; } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void execute_one(void) { int i, call, thread; for (call = 0; call < 14; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } static void execute_one(void); #define WAIT_FLAGS 0 static void loop(void) { int iter = 0; for (;; iter++) { char cwdbuf[32]; sprintf(cwdbuf, "./%d", iter); if (mkdir(cwdbuf, 0777)) exit(1); int pid = fork(); if (pid < 0) exit(1); if (pid == 0) { if (chdir(cwdbuf)) exit(1); execute_one(); exit(0); } int status = 0; uint64_t start = current_time_ms(); for (;;) { if (waitpid(-1, &status, WNOHANG | WAIT_FLAGS) == pid) break; sleep_ms(1); if (current_time_ms() - start < 5000) continue; kill_and_wait(pid, &status); break; } remove_dir(cwdbuf); } } uint64_t r[2] = {0x0, 0x0}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint32_t*)0x20000000 = 0; syscall(SYS_setsockopt, -1, 0xffff, 0x1008, 0x20000000ul, 4ul); break; case 1: *(uint16_t*)0x20000040 = 0x18; *(uint16_t*)0x20000042 = htobe16(0x4e21); *(uint32_t*)0x20000044 = 6; *(uint32_t*)0x20000048 = 0x7ff; *(uint16_t*)0x2000004c = 0x18; *(uint16_t*)0x2000004e = htobe16(0x4e21); *(uint32_t*)0x20000050 = 0xf1; *(uint32_t*)0x20000054 = 0x401; *(uint16_t*)0x20000058 = 6; *(uint32_t*)0x2000005c = 4; *(uint32_t*)0x20000060 = 0x7f; *(uint32_t*)0x20000064 = 6; *(uint32_t*)0x20000068 = 0xfffff4a4; *(uint32_t*)0x2000006c = 0xff; *(uint32_t*)0x20000070 = 7; *(uint32_t*)0x20000074 = 0xfffffffa; *(uint32_t*)0x20000078 = 0x3000; syscall(SYS_setsockopt, 0xffffff9c, 0x29, 0x69, 0x20000040ul, 0x3cul); break; case 2: *(uint32_t*)0x20000080 = 4; *(uint32_t*)0x20000084 = 0x18; *(uint32_t*)0x20000088 = 0x3a; *(uint32_t*)0x2000008c = 0x12; memcpy((void*)0x200000c0, "\xe5\x17\x6f\x41\xd3\x68\xd7\xe2\x37\x72\x44\xeb\x23", 13); *(uint64_t*)0x20000100 = 0xd; syscall(SYS_sysctl, 0x20000080ul, 4ul, 0x200000c0ul, 0x20000100ul, 0x20000140ul, 0ul); break; case 3: *(uint32_t*)0x20000180 = 0x2b3; syscall(SYS_ioctl, -1, 0x8004667dul, 0x20000180ul); break; case 4: syscall(SYS_ioctl, 0xffffff9c, 0x400c570aul, 0x200001c0ul); break; case 5: res = syscall(SYS_getuid); if (res != -1) r[0] = res; break; case 6: *(uint16_t*)0x20000240 = 0; *(uint8_t*)0x20000242 = 0; *(uint32_t*)0x20000244 = 0x4e22; syscall(SYS_recvfrom, -1, 0x20000200ul, 0x31ul, 0x80ul, 0x20000240ul, 8ul); break; case 7: memcpy((void*)0x20000280, "./file0\000", 8); syscall(SYS_lchown, 0x20000280ul, r[0], 0); break; case 8: res = syscall(SYS_msgget, 0x798e7454ul, 0x240ul); if (res != -1) r[1] = res; break; case 9: syscall(SYS_msgctl, r[1], 0ul, 0); break; case 10: *(uint8_t*)0x20000000 = 0xaa; *(uint8_t*)0x20000001 = 0xaa; *(uint8_t*)0x20000002 = 0xaa; *(uint8_t*)0x20000003 = 0xaa; *(uint8_t*)0x20000004 = 0xaa; *(uint8_t*)0x20000005 = 0xaa; *(uint8_t*)0x20000006 = 0xaa; *(uint8_t*)0x20000007 = 0xaa; *(uint8_t*)0x20000008 = 0xaa; *(uint8_t*)0x20000009 = 0xaa; *(uint8_t*)0x2000000a = 0xaa; *(uint8_t*)0x2000000b = 0xaa; *(uint16_t*)0x2000000c = htobe16(0x86dd); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x2000000e, 6, 4, 4); memcpy((void*)0x2000000f, "\x2d\x4b\xd2", 3); *(uint16_t*)0x20000012 = htobe16(0x12f8); *(uint8_t*)0x20000014 = 4; *(uint8_t*)0x20000015 = 0xe1; *(uint8_t*)0x20000016 = 0xfe; *(uint8_t*)0x20000017 = 0x80; *(uint8_t*)0x20000018 = 0; *(uint8_t*)0x20000019 = 0; *(uint8_t*)0x2000001a = 0; *(uint8_t*)0x2000001b = 0; *(uint8_t*)0x2000001c = 0; *(uint8_t*)0x2000001d = 0; *(uint8_t*)0x2000001e = 0; *(uint8_t*)0x2000001f = 0; *(uint8_t*)0x20000020 = 0; *(uint8_t*)0x20000021 = 0; *(uint8_t*)0x20000022 = 0; *(uint8_t*)0x20000023 = 0; *(uint8_t*)0x20000024 = 0; *(uint8_t*)0x20000025 = 0xaa; *(uint8_t*)0x20000026 = 0xfe; *(uint8_t*)0x20000027 = 0x80; *(uint8_t*)0x20000028 = 0; *(uint8_t*)0x20000029 = 0; *(uint8_t*)0x2000002a = 0; *(uint8_t*)0x2000002b = 0; *(uint8_t*)0x2000002c = 0; *(uint8_t*)0x2000002d = 0; *(uint8_t*)0x2000002e = 0; *(uint8_t*)0x2000002f = 0; *(uint8_t*)0x20000030 = 0; *(uint8_t*)0x20000031 = 0; *(uint8_t*)0x20000032 = 0; *(uint8_t*)0x20000033 = 0; *(uint8_t*)0x20000034 = 0; *(uint8_t*)0x20000035 = 0xbb; *(uint8_t*)0x20000036 = 0x2f; *(uint8_t*)0x20000037 = 0; *(uint8_t*)0x20000038 = 0; *(uint8_t*)0x20000039 = 0; *(uint8_t*)0x2000003a = 0; *(uint8_t*)0x2000003b = 0; *(uint8_t*)0x2000003c = 0; *(uint8_t*)0x2000003d = 0; *(uint8_t*)0x2000003e = 4; *(uint8_t*)0x2000003f = 1; *(uint8_t*)0x20000040 = 7; *(uint8_t*)0x20000041 = 0x81; *(uint8_t*)0x20000042 = 0; memcpy((void*)0x20000043, "\x30\x9f\x14\x29\xfb\xbf\x44\xea\x6d\xfc\xb7\x76\x04\x16\x75\x15\xe7\xd9\x9b\xf3\x07\xe0\xda\xda\x5c\xf9\x4f\x05\xf0\xc3\x3e\x00\x68\x32\xd8\x41\xa5\x70\x94\x7d\x38\x38\x7d\xc0\xa0\x65\x84\xc5\x75\x28\xd0\x3e\x1d\xd1\x54\xb9\x2f\xb2\x11\x44\x74\x4a\x69\x60\xaa\x77\x31\xa5\x6e\xf4\x3b\x9c\x5c\x19\xcf\xdb\x39\xef\xb9\xbf\x0c\x3c\x63\xbe\x7b\x5f\xf2\x4a\x41\x9a\x31\x8d\xf8\xf0\x30\xf3\x73\xe1\xec\xe9\x7f\xf5\x1c\xa8\xdf\xd5\x52\x19\xf3\x04\x49\x87\xaf\xa3\x04\xd1\x1b\xfa\x46\xc0\xce\x4d\xa0\xd6\xbf\xd9\x14\x93\xb7\x4f\x4a\xba\xe6\xac\xc5\x21\xd6\x55\x69\x2c\xb2\x2b\x1f\xc1\x6f\x41\x49\xbb\x65\x9a\x9e\x14\xf3\xc3\x22\x0f\x90\x9f\x3f\x02\xcf\x99\xc1\xd4\x44\xe6\x19\x81\xd0\xcd\xd3\x7a\x68\x9f\x19\x69\x70\x37\xcc\xce\x52\x1a\x18\x55\x0d\x11\xe1\x6d\x6e\xe7\xc3\xb7\x76\xf2\xe0\xa6\x73\xb4\xeb\x2f\x1f\x92\x77\x97\xba\x1a\x46\x16\x6d\x16\xfa\x98\xf8\x9f\xff\x2e\xf3\x1a\xd9\x06\xfa\xcc\x5c\xcd\x4b\xfe\xc5\xee\x24\x26\xe6\xa8\x50\x0e\xcd\x6f\x37\x55\x30\xb5\x86\xbb\x7d\xed\x6d\x61\xb9\x61\xa8\xd2\x0e\xf9\xd7\xc1\x24\x52\x94\xd7\xd3\x27\xae\x88\xc5\x78\xd3\x95\xe9\x2d\x7c\x88\xe2\x65\xd0\x2b\xca\xd3\xd2\x22\x83\x6b\xcd\x37\xcf\x73\xff\x90\x0f\xdf\x08\x00\x95\x8b\x4b\xe5\xcb\x05\x6a\x53\xe6\x0d\xa9\x4e\x68\xbd\xea\x09\xc4\x9b\x3c\xf6\xde\x3b\x00\x9d\xa0\xc3\x15\x30\xe9\x6d\x8b\xef\x92\x81\x6a\x41\xfe\xad\x31\xe1\x60\x0e\xf2\x8e\x3e\xf4\x85\xc6\x1a\xeb\x05\xa7\x5f\x0a\xbd\xf9\xdd\x7c\xb0\x0a\xb5\x18\x17\xf9\x77\x2f\x1b\x46\x37\x64\x66\x98\x7b\xbd\xc5\x52\x2b\x7a\x43\xf7\xcd\x15\x6e\x65\xe7\x44\xc7\x99\x33\x40\xf2\x8b\x4f\x91\x90\x54\x84\x26\x6e\x80\x14\x69\xf6\xa3\xd2\x2e\xe4\x12\x11\x88\xae\xe3\xfe\xf6\x96\xd0\xba\x2e\x42\x0c\x09\x0b\xe4\x8d\xd5\x56\xdb\x9b\xb0\xc9\xa7\x7b\x82\x3f\x84\x17\xae\x3f\x74\x38\xd8\x40\x19\x1c\x32\x26\xb2\xe4\x73\x24\x3f\x6f\x6d\x80\x26\x71\x61\x47\x98\x2f\x1c\x9f\x19\xfe\x28\xfe\x6c\x7d\x52\xb4\xd6\x45\xc9\xfb\x2a\xba\xde\x04\x84\x3c\xf3\x25\x76\xb5\x4d\xd8\x21\xcf\x6c\xea\x27\x0b\xcb\x8c\xef\x24\x5d\x87\xf3\x20\x9f\x8b\xc1\xf5\xfe\x51\xe8\xf2\x34\x34\x17\xff\x0b\xbc\xd9\xac\x32\x30\x7a\xc0\x35\x7c\xb7\xf6\x87\x3d\x7f\xce\x32\x2c\x76\x23\x3d\xc8\x38\xcd\x42\x7b\x82\x51\x2a\x7d\x08\xa4\x7e\x01\xf4\x9d\x89\x31\x9a\xd8\x46\x97\x22\x41\x77\x2b\xa0\x4d\x73\x8e\xd9\x1e\x40\x8a\x23\xaa\xf3\x8d\x35\xfd\x2b\xd0\x54\x79\x30\x9e\x15\x60\xb5\x8a\x28\x65\x48\x0e\xf1\x05\x8b\x46\xed\xce\xa9\x9b\x05\xd2\xec\x13\xf2\x4e\xc0\x62\x3b\x6a\x9f\x6e\xc8\x38\x95\x7b\x45\x82\x81\x23\xc3\x2c\x13\x6f\x93\x9a\xf0\x16\xaa\x49\x92\xcd\x06\x75\x6f\xe1\x92\x25\x1f\x9c\xf1\xb2\xed\x7f\x0f\xf5\x20\x94\x5d\xb5\x9d\x6c\x81\x04\x52\x94\xad\x1c\x39\x72\x85\x03\xe2\x20\x7c\x44\x59\xd4\xa6\x76\x51\xc5\xba\x61\x92\xa2\xf7\xc2\x3a\x43\x1b\x07\xe8\x47\x79\x4d\x73\xbb\xff\xdf\x89\x6c\xea\xd1\x6d\x16\x47\x11\xe8\x42\xfb\x9e\x4d\xe1\x93\x3e\x59\x2b\x28\x99\xc6\xc3\xd9\xb6\xa4\xa6\x2f\xa5\x2b\x4c\x22\x06\x05\xb2\x1b\xcf\x8c\x53\xf9\x91\x88\x60\x85\x6f\xf8\x10\xeb\x9c\x00\x38\x9a\x60\xbe\xf7\x4c\x0d\x53\x12\x8e\xeb\xd8\x81\x4b\x75\x74\xc5\xb1\x4a\x5d\xca\x7a\xe0\xe1\x00\x03\x41\x90\xdb\x2b\x70\xc7\x30\x27\x8d\x38\x51\x4a\x15\x30\x30\x2b\x01\xf7\xcd\xea\xaa\xc6\x78\x1b\x30\x81\xdb\x8a\xac\x26\x9a\xd0\x93\x2a\xa5\xb3\x84\xc4\xd9\x58\x97\x23\x40\x3d\x57\x91\xac\xaf\xfc\x85\xb8\x6e\x62\xf8\x9d\x31\xf3\xd3\x9d\x94\x6c\x34\x44\x4b\xe1\xee\xb3\xad\x1c\xd9\x70\xca\xa0\x7c\x67\xa8\xb2\x25\x3a\x56\x80\x77\x3e\x8b\xfb\xec\x50\xf6\x3b\x21\x81\xac\xe2\xd0\xed\xe0\x58\x1b\xcf\xca\x6f\xf2\xf8\xa8\xa6\x30\x52\x6d\x13\xcb\xc4\xd4\x17\xa1\x55\x39\x0e\x91\x4d\xf7\x8e\xb0\x68\x11\x2f\xaf\xfd\xab\xa5\x91\xe4\x9a\x5e\x6d\xc2\x39\x2d\xb5\x60\x04\xd6\xe8\x6e\x72\xa2\x05\x27\x9c\x87\x3d\x39\x64\xdb\xfb\x8b\xe7\x43\xc3\x47\xba\xea\xc1\x3d\x9e\x71\xb8\x76\x68\x64\x3e\xe3\xbd\x1c\x07\x6e\x05\x8f\xe4\xdc\xb5\x4c\xe2\xfd\xe3\xf6\x6f\x6c\x25\x7c\x15\xda\xd5\xb8\x42\xf9\x82\x1a\xca\x8e\x14\x4a\xdc\x2b\x10\x25\x8d\x98\x4d\xb0\xb6\x64\xdb\x0b\x6e\x74\x71\x60\xfe\x2c\x5b\x55\x73\x6a\xf9\x5b\x20\x6f\x44\xef\x1b\x73\x17\x03\x14\x54\xec\x2d\xd2\x7b\xec\xd5\x01\x89\x65\x6f\xc3\x6e\xb8\xaf\xc9\xb4\x9b\x1f\x3b\x38\x25\x9f\x74\x87\x65\x4a\x6b\x0a\x96\x6b\x79\x9f\xd7\x84\xec\xc6\x8e\xd9\x97\x6c\x77\xdc\x39\x6f\xac\xa9\xcd\xbc\x68\xf9\x55\xa4\x69\x04\x42\x11\xe9\x1d\xd0\x79\x5d\x8f\x54\xc0\x4b\xf7\x2d\x4d\x0b\x31\xdb\xc2\xd5\xcf\x24\xde\xd7\x81\x96\x90\xbd\x90\x0c\x67\xf2\x79\xf7\xb0\x73\x4c\x66\x7d\xda\x25\x18\x4a\x52\xe2\x45\x56\x13\xb8\xcb\x15\xbe\x78\xa9\xc9\x95\x28\x27\x6f\x88\x48\x3e\xe7\x30\x54\xd1\x60\x30\xc0\x30\x03\x50\x02\xf7\xfb\x2e\xde\x13\x4a\xae\x16\xd4\xd2\xc5\x51\xad\x71\xc6\xda\xd3\xa7\x76\xab\xdb\x04\x91\x16\x92\x23\xa6\x64\x8b\x9a\xf1\x75\x90\xa5\x06\x9b\x60\x4a\xd5\xf2\x3c\xb3\x25\x12\x89\x0e\x10\xad\xbc\x8e\x7e\x44\x60\x0b\x19\x66\x30\x3b\x25\xc8\x57\x92\xb2\x94\x79\x10\xec\x9d\xce\xec\xac\x03\xf9\xb3\x43\x29\xb8\xa5\x44\x12\xff\x43\xb5\xa9\x2f\xfa\xbd\xc6\xf2\x1f\x46\x54\xbb\xab\x35\x79\x72\xb5\xee\xa6\x9f\xd8\x07\xe8\x27\xd5\x93\x72\x31\x75\xd7\xa7\x17\xe2\xa0\x7f\x07\x20\xbe\x6d\x4c\xa8\x17\xc9\x8a\x7e\x6a\x92\xf4\x5b\xe2\xf9\xc1\xf5\x6e\x4c\xf0\xcd\x8b\x7d\x62\xa1\x77\xf9\x23\x90\x98\x46\x02\x78\xf2\x3d\x9a\xbc\xea\xf8\x11\xbb\x31\xf3\xf3\xe5\xbb\x83\x66\xb5\x85\x99\x5b\x73\x66\xee\xb6\x55\xdc\x04\x82\xc0\xb1\xbf\xc7\xe7\x65\xdb\xbb\x2b\xab\xd1\x07\x62\x09\x72\x6c\xa6\x73\x0d\x9f\x85\x49\x94\x51\x64\x18\xef\xcf\xec\x48\xe9\xe3\x4e\x51\xd4\x58\xb2\xbd\x04\x42\xc6\x5f\xd6\x07\xbf\x3e\x96\x78\xe2\x9d\x10\xa2\x9a\x52\xca\xfb\x43\x25\xe8\x12\x18\xc7\x37\xf0\x93\x2a\x34\xe2\x49\x97\xa3\x93\xf7\x85\x86\xa9\xd0\x56\xcd\x79\x72\x85\xb8\x78\x6a\xe9\x28\x22\xbb\x0a\xf7\x39\x4b\x33\xd2\xdd\x81\xa7\x55\x79\xe3\xde\xd8\xbc\x88\x57\x8a\x2a\x05\x09\xea\x1a\x10\xfe\x07\x58\x8b\x00\x17\xcf\x00\x86\x9f\x02\xbd\x8e\xc5\x12\x24\x11\x3a\xdf\xac\x2b\xc4\xa5\xea\xd0\xff\x83\x53\xae\x8c\x15\x65\x41\xa4\x7f\xb7\x8b\x90\xa4\xbc\x36\x12\x19\x4e\xcd\xd3\x16\x26\xf3\xbc\x8b\xaf\x44\xc7\xd2\xc3\x23\x35\x22\x60\x4c\x75\x65\x6d\x57\x80\x6d\x03\x11\x5f\x1b\x2c\x2d\xd8\xa2\xb2\x39\xe6\xe2\x84\xe4\x9d\xa3\x4b\x7e\x98\xcc\xc2\x34\x01\x34\x6b\xa3\x8d\x07\x1b\xb9\x88\xee\x79\xc2\xc3\x94\xe9\x2f\x55\x02\xee\x5a\x66\x1d\xdc\x9f\xa6\x40\x7c\xe0\x30\x89\x8f\x3f\x43\xf3\xcb\x05\xb5\xdc\xe1\xad\xa0\xb5\x07\x07\xd6\x1a\x50\x09\xcd\xf5\xf5\xb2\xa1\x5f\x18\x61\xd1\x5e\x3c\x6d\xc8\x92\xdd\x8e\x31\x7d\xcb\x9f\xb8\x2f\x92\xe6\x3e\x57\x14\x98\x1c\x3f\x97\x36\x19\x45\x79\xc2\x07\x9f\xc8\xfc\xe6\x77\x99\xe0\x6a\x04\x95\x54\x33\x63\xe6\xef\x5c\x3e\xcf\x7b\x23\x50\x44\x87\xbf\x8d\xa7\x36\x22\x44\xc0\x6e\x08\x4a\x13\x02\xd9\x49\xc7\x3a\xc6\x52\x60\x8d\x91\xf3\xa8\x83\x40\xd7\xc7\x18\x17\xfb\x70\x23\x2f\x10\x0a\xd3\xbf\xf5\x56\x79\x23\x8a\xe2\x6b\xda\x5d\xe1\x6e\x2b\x3a\x0b\xd9\xdb\x70\x96\xdb\x88\x92\x29\x79\xd4\xa2\x85\x15\xb9\x9b\x91\x58\x7b\x68\x02\x86\xa0\x7a\xd8\xa0\x0b\x6e\x4a\x04\xf8\xc7\x43\x4d\xed\x1c\xdc\xe2\xa6\x0f\x65\x06\x57\x90\xf2\x64\xf6\xda\x64\x62\x79\xc8\x18\x7c\xd6\xfc\x9d\xad\x80\x8b\xaf\x0b\x5d\xf1\xd5\x7c\x66\x15\x6a\x50\xc4\xce\x44\x05\x06\x07\x39\xc5\x19\x9a\x98\x14\xd0\xa7\xe9\x3b\x1f\x1c\xdb\x19\x33\x85\xff\x1a\xa3\x83\xc2\x90\xb9\x72\x93\x28\xca\x8b\xe8\x1f\x45\xe8\x79\x3d\xbb\x4c\xf2\xd5\xbd\x10\x45\x18\x5f\x1b\x86\x60\x19\x94\x07\xdf\xf2\xff\xba\xb2\x87\xe7\xb4\x83\xd3\x76\x0a\x79\x6d\x92\xed\x7f\xd9\xe3\xcc\xb9\xf7\xe9\x38\xde\x05\xf9\x92\x8a\xdc\x9b\x73\xce\xfa\xf6\x60\xa4\xc4\x78\x2b\x6e\x24\x56\x4d\xbe\x01\xaa\x65\x25\x95\x9e\x26\x4f\xc0\xa7\x55\x73\xb7\x9b\xd0\x11\xed\x5f\x16\x81\xe5\xc4\x57\x60\xc1\x98\xb0\x0c\xb6\x62\x82\xc2\xbd\xdc\xe6\xe5\xd1\x37\x8f\x13\xb6\xd4\xda\xe0\x13\xed\xd6\x16\x7e\x9c\x42\x81\x22\x7b\x78\x9f\x48\xde\x75\xb4\x61\xed\x06\x96\x69\x8e\xcf\x61\x95\x3a\xb8\x4f\x44\xe7\xd0\xad\x05\x01\x88\x86\xdf\xff\x60\x4b\xde\x5a\xbb\xdb\xdb\x21\xfe\xc8\xe6\xca\xfd\xf0\x0b\x60\xa7\x76\xbf\x8f\x52\xfb\xa8\xc8\xb9\x7f\xbe\xd6\xe4\xfe\xd1\x87\x60\x8a\x57\x80\xfa\x67\x60\x3a\xa7\x99\xff\x83\x18\xe8\x43\xa5\xc1\x15\xff\x3b\xed\x2b\x5f\x05\xe4\x14\xd2\x3a\x3a\x9a\xe9\xa0\x27\x96\xf7\xee\x60\xea\x0c\x4a\x1f\xe6\xf5\x49\x81\x56\x26\xea\x74\xd8\x2d\x18\xfb\xcd\xb5\xb2\x49\x3c\x2e\x46\x76\x99\x7e\xea\xe5\x12\x81\xa1\xf1\x22\x3f\xd6\xb1\xd3\x56\x30\x1b\xe2\x71\xbe\x85\x16\xea\xa4\x09\x61\x92\x76\x01\x59\x3b\xee\x9d\x22\xfe\xf1\x13\x3d\xe3\xa5\x1c\xf2\x59\x11\xbf\xd1\x2e\xc4\x5d\x2a\xe0\xd1\x20\x98\x84\xaf\x35\xcc\xcc\xd6\xb5\x88\x99\xf9\x6a\xc6\x05\x1d\xd7\xb5\x51\x9c\x06\x02\xdb\x58\x36\xad\x43\x72\x50\x13\xf8\xe0\xad\xd2\xea\x26\x23\x39\x46\x77\xb2\x11\x51\xa8\x3b\xeb\x62\x4d\x28\xfe\xf2\x58\xd2\x28\x84\x2b\x4a\xe2\x7b\xd3\x55\x58\x00\x66\x21\xda\x16\xcf\xf4\xac\x62\xb0\xf2\x16\x2a\x93\x01\x28\x03\x39\xbc\x17\x6f\x60\x77\xd3\x06\x82\xda\x90\xbd\xf4\x9a\x77\xcb\x85\xa4\x19\x9b\x72\x85\x46\x95\x3d\x90\x16\x13\x7a\x4f\xd7\xf5\xa5\xfc\x97\xf3\x73\xc9\xea\xcd\x0f\x86\x89\xdd\x98\xe7\xc7\xde\xf3\x97\x7c\x8b\x76\x91\xd5\x21\x55\xe4\x05\x68\xaf\xc6\xe4\x68\xa5\x41\x11\x7b\x55\xe3\x85\x5e\x8e\xb7\x16\xbe\x8e\x52\x08\x4e\x15\x0e\x20\x17\xfe\xb6\x1d\xac\x20\xa9\xaf\xe3\x12\x85\xf2\x32\x0b\xe0\x88\x67\x60\xc8\x7f\x1e\x08\x89\x24\xeb\x99\x52\x52\x95\x59\xc3\x56\xa6\x02\xc1\x1f\xe0\x62\xc3\x43\x70\xd8\xb5\x5c\xb4\x08\x58\x9f\x12\x39\xf1\xd7\x3d\x4b\x8d\xd1\xcf\x58\xbf\x4b\x3c\x04\xff\x9f\xad\x12\xfa\x6d\x8b\x42\x5d\x51\x4e\x2e\xd1\x26\x51\xbb\xc2\x7e\xde\x2d\xf1\xf7\x7d\x6e\x58\xa7\x69\xa0\xf5\xf4\xb3\xf0\x56\x0a\x17\x47\x08\x95\xbb\x72\x8d\x96\xcd\xcb\x72\xdd\xb5\x90\xdc\x7d\x8a\x59\x2b\x9b\xe2\x37\x27\x79\x57\xde\xfe\x70\xcd\x3f\xe2\xf0\x50\xea\xb0\xd7\xaa\xc4\x94\x56\xc9\x1e\x8b\x83\x98\xf7\xfb\x51\x55\xac\xb6\xdd\xac\xda\xa0\x7c\x9d\x39\xc7\x80\xd3\xdb\x8b\xe4\x4a\xe5\x2d\x8f\x38\xc9\x44\xaa\xfe\x01\x33\x6f\xed\x08\x46\x14\xd9\xd0\x82\x7c\x94\x17\x33\xc6\x8d\x34\x0c\x6f\xbb\xf0\xb8\x96\xfb\x3b\x19\x6e\xbd\x3f\x60\xdf\x89\x4f\x7f\x77\x12\x3e\x54\x9e\x0f\xfc\x17\x49\xbe\xc0\xab\xb5\x6d\x61\x39\x50\x82\x5a\xcb\x92\x35\x19\xc3\x89\x91\x22\x83\x3e\x24\xad\xaa\xd4\x26\xf5\x74\x7c\x41\xe3\xd6\x52\x6e\xd2\x61\x9a\x68\xea\x71\x84\xc0\x4e\x8a\x12\x49\x0a\x68\x9a\x5a\x38\x6f\xcb\x04\x94\xa4\xd0\xa5\x90\x97\x30\x9c\x90\x9e\xfe\xfb\x21\xd4\x0b\x9d\xea\xa9\xee\x81\x01\x6c\x76\xc3\x20\xb0\x0d\x66\xef\xb5\x8f\x26\x73\x20\x31\x51\xf6\xa5\xa2\xb1\x62\xde\x9d\x41\xdf\x2b\xaa\x0e\x6e\xc8\xc1\xbc\x5b\x7f\x18\x2f\x64\x34\x9a\x9f\xf7\xcb\x4c\xa7\xb4\x56\x91\xd2\x9d\x8e\x56\x1f\xa8\x7a\x5a\xa8\x32\xdb\x5c\xd4\x66\x17\x15\xcb\x12\xd0\xc2\xb9\xcc\x58\x50\xfc\x61\x82\x2b\xe2\xa3\x3a\xdf\x94\xdb\x87\x4e\xf8\x77\x32\x15\xdf\xda\x58\x83\xdf\x4f\x22\x98\xc7\x2a\x68\x0a\x96\x85\x27\xe0\x4e\x2b\x73\x56\xc0\xce\x77\x7d\x5a\xb3\x51\x63\x92\x42\x0c\xf0\xad\x5b\x98\xea\x86\xe5\x01\xfd\x42\x1e\x0e\xe5\xf5\x5f\x0d\x49\x53\xad\x34\xdb\x6b\x3a\x5c\xc6\x72\xe7\x19\x6e\x8a\x66\xd7\x86\xa1\xf7\x9b\x72\x6e\x5b\x2c\x14\x40\x0e\xa1\xca\xc4\x0e\x9d\x4e\x53\x49\xa0\xcd\xc0\xf7\xfb\x11\x8c\x92\xa6\x0a\x32\x02\x3e\xf5\xc7\xf3\xed\xa3\x51\xda\x63\x78\x58\xbf\x11\x3e\xc4\x32\x35\x5e\xc1\x71\xd2\xfd\x5e\xa9\x4c\x9c\x9d\xab\x59\xbd\xea\x07\x42\x48\xb5\xdc\x04\xfe\x11\x7a\x06\xaa\x3b\x48\xcf\x8b\x4b\x36\x8f\x39\x03\x60\xe9\x8c\x2e\x69\x13\x74\xbd\x7d\x66\xf9\x73\xc0\xde\x6f\x1d\x35\xc8\x2c\xc0\x9e\x0b\x70\x56\x49\xa9\x33\xa3\x21\xd6\x33\x3c\x8c\x38\xe8\x85\xec\xc2\x9e\x94\x7d\x98\x60\xe9\x8c\x0a\x7d\x1d\xed\x78\x92\x27\x0d\x3a\xfe\x25\xe8\x73\x31\x18\x42\x37\xff\xf2\x25\xe4\x93\x5a\xd5\x52\x30\x66\xfd\x6d\xfa\x6e\x13\xea\x93\x29\x57\x0d\x89\xda\xfa\xbd\xa4\xa7\xe1\xbd\xa6\x55\xd6\xc5\x26\x7a\x51\xe2\xbe\x6e\x5a\x59\x49\x20\xac\x9b\x37\x22\x82\x4c\x77\x59\x86\x86\x6e\xc4\x35\xf6\xd0\x38\x58\x32\x2e\x50\xba\x97\x12\x77\xa3\x1e\xc9\x5c\x95\xac\xd6\xa0\x20\xc9\x7a\x44\x88\x5d\x64\x2c\xdb\xfc\x43\xae\x80\x1a\xb3\x82\x5a\x52\xff\x76\x8c\xaf\x98\x32\x0a\xac\xe6\x18\x58\x0b\x52\xb8\x04\x9c\xed\x13\xe6\x56\x8b\xb8\xac\x55\x9d\x7c\x61\x2e\x10\xb7\xc8\xf1\x31\xb5\x93\xfc\x92\xf9\x2e\x8d\x69\x3e\xe1\x38\xe2\xa4\x1c\x8b\x2b\x24\xef\xaa\x7f\x85\x7a\xc3\xf8\xab\xbe\x68\xc9\x50\x6e\x83\xf6\xf4\xe3\xd9\xe8\xba\x5b\x49\xb6\xc2\xdd\x5e\xfb\x6f\x53\x10\x67\xea\x7b\x10\xe1\x38\x61\xee\x6f\x36\x26\x29\x20\x77\x28\x8f\xa3\xa2\x17\x97\x7a\x12\xfa\x86\x02\x00\x45\xe9\xf3\xb2\x81\x5d\xa8\x5c\xcd\xb2\x24\x50\x36\x26\x76\xc0\x3a\xd9\xcf\x65\x76\x13\x61\x35\x8d\x2f\x9b\xae\x7d\x14\x52\x7c\x3f\x16\x1d\xae\xaa\xe8\xb8\x30\xba\x6b\x95\xf3\xe8\x42\xa6\x4a\xbf\x3d\x44\xf9\x5f\x0f\xce\x79\xad\x16\x9c\x9f\xa0\x2b\x9d\x40\xd1\xe2\x61\xf4\x9a\x65\xb4\x14\xef\x95\xa6\xd2\x54\xc0\x4c\x7e\xcb\x59\x13\x7f\xf1\x10\xb6\x05\xd6\xad\x45\xcc\x98\x22\x11\x1d\x7e\xca\x62\x35\x3f\x12\x59\x37\xf3\xd5\xc1\x48\x4f\x5c\x80\xa9\x18\x48\xda\x4a\x8d\x22\x5e\x57\xd2\x90\xb2\x66\x0f\x15\xac\xe1\xe5\x67\x47\xc6\xde\xfa\xe3\x90\x2e\x58\xd8\xf1\xa3\x4e\x2c\x37\x24\x57\x69\x32\x1f\x38\xf8\xdf\x78\x22\xfd\x5c\xf7\x27\xa4\xf8\x05\x11\xed\x50\x11\xb1\x72\xa7\xf0\xe6\x57\xca\x0d\x67\x81\x4d\x2f\x6e\xd7\x65\x89\xc7\x56\xba\x6b\x37\x53\xed\x3a\xd7\x37\x41\xb7\x40\xc3\xeb\x3e\x16\xea\xa9\xe7\xa8\xdc\x6d\x51\xb2\x6d\xb8\x60\x7a\xff\x0c\x0d\x27\x21\xb1\x4b\xd0\xf8\xab\xf9\xd1\x84\xc6\x22\x3c\xc3\x7c\xa2\xd2\x16\x38\x01\xd3\x86\x43\x52\x45\xd0\x9b\xc3\xda\xa0\x19\x7e\x39\x05\xc6\xf8\xc4\x63\x8e\x6d\x3d\x5a\xaa\x93\xec\x9c\x07\x91\x97\x19\x0a\x79\x9e\x38\x72\xad\x6c\xf5\x5d\x2c\x59\x29\x01\x54\x4c\x21\xb7\xf9\x1c\x05\x6e\xf1\x04\xe6\x6e\xbb\x4c\x65\x61\x0c\x81\x46\x63\x73\x83\xf7\x8f\x9b\x21\x66\x2d\xdf\xb7\x6e\xdd\xc0\xe8\xac\xeb\x66\x18\x2c\x07\xc6\xe5\xa0\x4f\x97\x5b\xdb\xef\x52\x1c\xf9\xd5\xbc\xf5\xcc\x78\xa4\x9f\x3c\x17\x46\x7b\x1e\xaa\xc3\x25\xb0\xea\xa4\x28\x98\x06\xbb\xe0\xee\xb6\x92\x40\x17\x91\xe5\xeb\x83\x77\xe3\x46\xca\x7a\x94\xc4\xe2\xb0\x29\xee\x20\xac\xdf\x73\xb5\x7b\x0d\x27\x11\x4d\x81\x38\xe1\x6d\x6b\xb7\xdc\x58\xe2\xed\x0b\xeb\x62\x50\xad\xa0\xde\xa1\x3c\xba\x1c\xe4\x8c\x30\x3a\x0f\x13\x26\xc8\x2e\x4a\xfe\xd6\x36\xa8\x01\x8a\x55\xbe\x66\xa0\x19\xa6\x0b\xc9\x0c\x4b\x54\x69\x80\x02\x9f\xb6\xa9\xb9\xce\x0e\xb7\x06\x49\x6c\x16\x61\xa8\xad\xcc\xd6\xdb\xa6\x78\x8e\x83\x00\xc0\xea\xd9\x06\xe3\x91\xd9\x74\xa9\x9c\x6d\x37\x87\x79\x1c\x1d\x6c\x67\xa5\x40\xf9\x20\x80\x8b\x1b\x0e\x03\x65\x37\x1a\x1f\xd5\x87\x6b\xaa\x0e\xb0\xfc\xd4\xa8\x3d\x7f\x04\xe0\xd6\xbe\x1e\xcf\xa1\x48\xa2\xe8\x99\x05\x91\xf0\x38\x5e\x28\xa7\x15\x93\xa5\xb6\x6c\x4c\xec\x1d\x83\x7c\x0f\xe3\x0a\xb9\xbb\xd9\xa3\xa3\x65\xf9\xc2\x4c\xad\x06\x0c\x97\x67\x00\x16\xab\xd6\x96\x0e\xfe\x46\x8d\x7f\x70\x11\x61\x79\xa2\x80\x32\xe9\xaf\xa5\xd7\x85\x9d\xd4\xe5\x02\x76\x29\x3c\x5c\x3d\x52\xd8\x52\xe4\x44\x8b\xdb\x27\xc2\xed\x27\xd3\x27\xfb\x48\x51\x8e\xf5\x36\x1b\xc7\x79\xb7\xd3\x04\x7e\xf6\xbf\x11\x6d\x36\x07\xc6\xfe\xa6\x9f\x82\x00\x3a\x2e\xa0\x07\x6b\x81\x7e\x9d\xc8\x79\xcf\x2d\x32\xa1\x29\x90\x61\xa6\x8d\xa5\x47\x20\x11\xa6\x7f\xf5\x48\x8f\xe7\x40\x22\xc7\x47\x9d\xca\x94\x98\xa3\x6f\xe6\xa2\x1b\xfa\x90\x27\x82\xa1\xaa\xaf\xb0\x3b\x67\xb1\x67\xb9\x02\xfe\xef\x4d\xcc\x7c\xe1\x0e\x9d\x7e\xd8\x27\x95\xee\x23\x03\xbc\x6e\x00\x9e\xbe\x23\xb5\x74\x5b\x9d\xd4\xaf\x77\x56\x1e\x7d\xb9\x0e\xd8\xe3\x77\x7b\x9e\x80\x69\x18\xdf\xf8\xe1\x68\xef\xfa\x1f\x2e\x5e\xb1\x05\x2e\x75\xee\x24\x80\xc2\x1c\xa5\x5f\x18\xbd\x69\xb9\x4a\xa0\xef\x20\x8b\x81\xd4\x7f\x4e\x57\x17\x01\xfd\x96\xfd\x19\xeb\xc3\xce\xb8\x52\x33\x5a\xce\x6a\x3a\x58\xce\x67\xe4\xcc\x0b\x0c\xf4\xfc\x4d\x36\x84\x16\xcd\x27\xcf\xcf\x41\x48\x39\x89\x40\x64\x13\xf8\x72\x85\x8d\x96\x7e\x7b\x1c\x6c\x0c\x26\xb8\x24\x70\x71\xb7\xe7\x1b\x4c\x70\xfb\x9d\x8e\xe2\x7b\xe4\x6c\x34\x55\xe3\x7a\xe9\x1a\x6d\xcf\x0c\x50\x95\x1a\x0b\x6d\xaf\x30\xbc\xe1\x5a\x24\x9c\x51\xb6\xb0\xd2\xe2\x9b\x01\x40\xa7\xfb\x3b\x78\xfd\xc3\x9f\x8f\x98\xa8\xee\xa7\x1e\x2c\xf4\xa6\xfc\xf3\xed\xcb\xec\x5f\xd6\xbe\xcb\x4f\xe0\xaf\xb3\x15\xbf\x64\x9b\x98\x00\x38\xb0\xa6\xa8\xb5\x33\xf3\x04\xcb\xdb\x29\x3c\x83\xec\x29\x22\x7b\x9a\xa3\x37\x6a\xd3\x14\xa0\x5d\x75\xf6\xc3\xb2\x0f\xeb\xaa\x94\x94\x9d\x0f\x91\x6a\xf5\x14\x20\xda\x36\x24\x5d\xb3\x41\x84\x09\x88\x13\xaa\xe1\xdf\x30\x76\x19\xfc\x86\x9e\x03\x58\x61\x86\x23\xae\xce\x77\x93\xed\x09\x93\x28\x89\xbb\x28\x9b\x4c\x46\xd9\xc7\x2b\x55\x75\xbb\x7f\xac\xd9\x47\xb5\x72\x2f\xba\x9a\xfb\xce\x02\xc4\x84\x89\x6d\xa8\x5a\x2c\xc8\x6f\x89\xc5\xbe\x6b\x96\xe3\xfc\x21\x31\x7c\xe0\xea\xe7\x9b\xe0\xa5\x01\xd8\xa5\x09\xb1\x4b\x7b\x0d\x16\x5a\x29\x42\x2c\xdb\xa7\x65\x61\xaf\x88\x67\x2a\x28\xc6\xc4\x48\x17\xc1\xfa\x77\xba\xdd\x88\x18\x35\x0a\x54\xff\xda\x30\xf0\x17\x60\x76\x75\xfe\xec\xec\x2e\xd0\x9c\x35\x87\xd5\x8b\xb5\x4f\xeb\xe8\x12\xdf\xcf\x4e\x2c\x05\x25\x01\x7b\xdd\x57\xe5\x2d\x9b\xb5\x4a\xe5\x60\x83\x88\x84\xf7\x74\xb9\xac\x4f\xe3\x89\xad\x2e\x75\x63\x06\x05\x28\x71\x34\x43\x6b\xb5\xf0\x93\xd8\x59\x3f\x6c\xde\x2e\xcc\xd9\xd1\xbb\x90\xa9\xa1\xb9\xd0\xe1\xf0\x9e\x23\x11\x02", 4096); *(uint8_t*)0x20001046 = 0x67; *(uint8_t*)0x20001047 = 8; *(uint8_t*)0x20001048 = 0; *(uint8_t*)0x20001049 = 9; *(uint32_t*)0x2000104a = 0; *(uint8_t*)0x2000104e = -1; *(uint8_t*)0x2000104f = 2; *(uint8_t*)0x20001050 = 0; *(uint8_t*)0x20001051 = 0; *(uint8_t*)0x20001052 = 0; *(uint8_t*)0x20001053 = 0; *(uint8_t*)0x20001054 = 0; *(uint8_t*)0x20001055 = 0; *(uint8_t*)0x20001056 = 0; *(uint8_t*)0x20001057 = 0; *(uint8_t*)0x20001058 = 0; *(uint8_t*)0x20001059 = 0; *(uint8_t*)0x2000105a = 0; *(uint8_t*)0x2000105b = 0; *(uint8_t*)0x2000105c = 0; *(uint8_t*)0x2000105d = 1; *(uint8_t*)0x2000105e = 0; *(uint8_t*)0x2000105f = 0; *(uint8_t*)0x20001060 = 0; *(uint8_t*)0x20001061 = 0; *(uint8_t*)0x20001062 = 0; *(uint8_t*)0x20001063 = 0; *(uint8_t*)0x20001064 = 0; *(uint8_t*)0x20001065 = 0; *(uint8_t*)0x20001066 = 0; *(uint8_t*)0x20001067 = 0; *(uint8_t*)0x20001068 = 0; *(uint8_t*)0x20001069 = 0; *(uint8_t*)0x2000106a = 0; *(uint8_t*)0x2000106b = 0; *(uint8_t*)0x2000106c = 0; *(uint8_t*)0x2000106d = 0; *(uint8_t*)0x2000106e = 0xfe; *(uint8_t*)0x2000106f = 0x80; *(uint8_t*)0x20001070 = 0; *(uint8_t*)0x20001071 = 0; *(uint8_t*)0x20001072 = 0; *(uint8_t*)0x20001073 = 0; *(uint8_t*)0x20001074 = 0; *(uint8_t*)0x20001075 = 0; *(uint8_t*)0x20001076 = 0; *(uint8_t*)0x20001077 = 0; *(uint8_t*)0x20001078 = 0; *(uint8_t*)0x20001079 = 0; *(uint8_t*)0x2000107a = 0; *(uint8_t*)0x2000107b = 0; *(uint8_t*)0x2000107c = 0; *(uint8_t*)0x2000107d = 0xaa; *(uint8_t*)0x2000107e = -1; *(uint8_t*)0x2000107f = 2; *(uint8_t*)0x20001080 = 0; *(uint8_t*)0x20001081 = 0; *(uint8_t*)0x20001082 = 0; *(uint8_t*)0x20001083 = 0; *(uint8_t*)0x20001084 = 0; *(uint8_t*)0x20001085 = 0; *(uint8_t*)0x20001086 = 0; *(uint8_t*)0x20001087 = 0; *(uint8_t*)0x20001088 = 0; *(uint8_t*)0x20001089 = 0; *(uint8_t*)0x2000108a = 0; *(uint8_t*)0x2000108b = 0; *(uint8_t*)0x2000108c = 0; *(uint8_t*)0x2000108d = 1; *(uint8_t*)0x2000108e = 0xc; *(uint8_t*)0x2000108f = 0x13; *(uint8_t*)0x20001090 = 0; *(uint8_t*)0x20001091 = 0; *(uint8_t*)0x20001092 = 0; *(uint8_t*)0x20001093 = 0; *(uint8_t*)0x20001094 = 0; *(uint8_t*)0x20001095 = 0; *(uint8_t*)0x20001096 = 1; *(uint8_t*)0x20001097 = 4; *(uint8_t*)0x20001098 = 0; *(uint8_t*)0x20001099 = 0; *(uint8_t*)0x2000109a = 0; *(uint8_t*)0x2000109b = 0; *(uint8_t*)0x2000109c = 4; *(uint8_t*)0x2000109d = 1; *(uint8_t*)0x2000109e = 7; *(uint8_t*)0x2000109f = 0; *(uint8_t*)0x200010a0 = 1; *(uint8_t*)0x200010a1 = 0; *(uint8_t*)0x200010a2 = 0xc2; *(uint8_t*)0x200010a3 = 4; *(uint32_t*)0x200010a4 = htobe32(0xad); *(uint8_t*)0x200010a8 = 0; *(uint8_t*)0x200010a9 = 0x78; memcpy((void*)0x200010aa, "\xe2\x13\xcb\xa9\xb5\x85\x15\xe7\xf0\xd1\xf0\xe7\xe4\x4e\x3a\xa0\xfb\x01\xf8\x12\x84\x87\x69\x80\x51\xd9\xa1\x9f\x17\xfb\xf8\xf0\xd1\xcf\x8a\x1d\xfa\x17\x73\xf4\x5a\xb6\x95\x76\x3a\x8c\x8b\x93\x62\xb8\x5b\x30\x07\xce\xc4\x77\x90\xa5\x24\xa2\xed\x20\xd6\x69\xa9\x5b\x00\xd4\x01\xbb\x0c\x75\x82\xb9\xcc\x18\x54\xe9\x7c\xf3\x10\x0d\x54\x59\x56\x0f\x06\xc9\x9f\x3c\x2b\x0c\x07\x6c\x88\x46\x8f\x56\x3c\x40\x57\x71\x6a\x4d\x7a\xfc\x64\x26\xa5\x24\x3a\x78\x26\x3d\x88\x44\x77\x8a\x2e\xe4", 120); *(uint8_t*)0x20001122 = 0xc2; *(uint8_t*)0x20001123 = 4; *(uint32_t*)0x20001124 = htobe32(-1); *(uint8_t*)0x20001128 = 1; *(uint8_t*)0x20001129 = 4; *(uint8_t*)0x2000112a = 0; *(uint8_t*)0x2000112b = 0; *(uint8_t*)0x2000112c = 0; *(uint8_t*)0x2000112d = 0; *(uint8_t*)0x2000112e = 0x3a; *(uint8_t*)0x2000112f = 8; *(uint8_t*)0x20001130 = 0; *(uint8_t*)0x20001131 = 0; *(uint32_t*)0x20001132 = 0; *(uint8_t*)0x20001136 = -1; *(uint8_t*)0x20001137 = 2; *(uint8_t*)0x20001138 = 0; *(uint8_t*)0x20001139 = 0; *(uint8_t*)0x2000113a = 0; *(uint8_t*)0x2000113b = 0; *(uint8_t*)0x2000113c = 0; *(uint8_t*)0x2000113d = 0; *(uint8_t*)0x2000113e = 0; *(uint8_t*)0x2000113f = 0; *(uint8_t*)0x20001140 = 0; *(uint8_t*)0x20001141 = 0; *(uint8_t*)0x20001142 = 0; *(uint8_t*)0x20001143 = 0; *(uint8_t*)0x20001144 = 0; *(uint8_t*)0x20001145 = 1; *(uint64_t*)0x20001146 = htobe64(0); *(uint64_t*)0x2000114e = htobe64(1); *(uint8_t*)0x20001156 = -1; *(uint8_t*)0x20001157 = 2; *(uint8_t*)0x20001158 = 0; *(uint8_t*)0x20001159 = 0; *(uint8_t*)0x2000115a = 0; *(uint8_t*)0x2000115b = 0; *(uint8_t*)0x2000115c = 0; *(uint8_t*)0x2000115d = 0; *(uint8_t*)0x2000115e = 0; *(uint8_t*)0x2000115f = 0; *(uint8_t*)0x20001160 = 0; *(uint8_t*)0x20001161 = 0; *(uint8_t*)0x20001162 = 0; *(uint8_t*)0x20001163 = 0; *(uint8_t*)0x20001164 = 0; *(uint8_t*)0x20001165 = 1; *(uint8_t*)0x20001166 = 0; *(uint8_t*)0x20001167 = 0; *(uint8_t*)0x20001168 = 0; *(uint8_t*)0x20001169 = 0; *(uint8_t*)0x2000116a = 0; *(uint8_t*)0x2000116b = 0; *(uint8_t*)0x2000116c = 0; *(uint8_t*)0x2000116d = 0; *(uint8_t*)0x2000116e = 0; *(uint8_t*)0x2000116f = 0; *(uint8_t*)0x20001170 = -1; *(uint8_t*)0x20001171 = -1; *(uint32_t*)0x20001172 = htobe32(0xe0000002); *(uint8_t*)0x20001176 = 4; *(uint8_t*)0x20001177 = 4; *(uint8_t*)0x20001178 = 0; *(uint8_t*)0x20001179 = 0xfe; *(uint32_t*)0x2000117a = 0; *(uint8_t*)0x2000117e = 0xfe; *(uint8_t*)0x2000117f = 0x80; *(uint8_t*)0x20001180 = 0; *(uint8_t*)0x20001181 = 0; *(uint8_t*)0x20001182 = 0; *(uint8_t*)0x20001183 = 0; *(uint8_t*)0x20001184 = 0; *(uint8_t*)0x20001185 = 0; *(uint8_t*)0x20001186 = 0; *(uint8_t*)0x20001187 = 0; *(uint8_t*)0x20001188 = 0; *(uint8_t*)0x20001189 = 0; *(uint8_t*)0x2000118a = 0; *(uint8_t*)0x2000118b = 0; *(uint8_t*)0x2000118c = 0; *(uint8_t*)0x2000118d = 0xaa; *(uint8_t*)0x2000118e = 0xfe; *(uint8_t*)0x2000118f = 0x80; *(uint8_t*)0x20001190 = 0; *(uint8_t*)0x20001191 = 0; *(uint8_t*)0x20001192 = 0; *(uint8_t*)0x20001193 = 0; *(uint8_t*)0x20001194 = 0; *(uint8_t*)0x20001195 = 0; *(uint8_t*)0x20001196 = 0; *(uint8_t*)0x20001197 = 0; *(uint8_t*)0x20001198 = 0; *(uint8_t*)0x20001199 = 0; *(uint8_t*)0x2000119a = 0; *(uint8_t*)0x2000119b = 0; *(uint8_t*)0x2000119c = 0; *(uint8_t*)0x2000119d = 0xaa; *(uint8_t*)0x2000119e = 8; *(uint8_t*)0x2000119f = 0; *(uint8_t*)0x200011a0 = 0xcc; STORE_BY_BITMASK(uint8_t, , 0x200011a1, 1, 0, 1); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 0, 1, 2); STORE_BY_BITMASK(uint8_t, , 0x200011a1, 7, 3, 5); *(uint32_t*)0x200011a2 = 0x66; *(uint8_t*)0x200011a6 = 0x2e; *(uint8_t*)0x200011a7 = 6; *(uint8_t*)0x200011a8 = 0; *(uint8_t*)0x200011a9 = 0; *(uint8_t*)0x200011aa = 0; *(uint8_t*)0x200011ab = 0; *(uint8_t*)0x200011ac = 0; *(uint8_t*)0x200011ad = 0; *(uint8_t*)0x200011ae = 4; *(uint8_t*)0x200011af = 1; *(uint8_t*)0x200011b0 = 0x1d; *(uint8_t*)0x200011b1 = 1; *(uint8_t*)0x200011b2 = 4; *(uint8_t*)0x200011b3 = 0; *(uint8_t*)0x200011b4 = 0; *(uint8_t*)0x200011b5 = 0; *(uint8_t*)0x200011b6 = 0; *(uint8_t*)0x200011b7 = 5; *(uint8_t*)0x200011b8 = 0x28; memcpy((void*)0x200011b9, "\x63\x76\x15\x4e\x03\x4d\x84\x68\x14\x38\xcf\x3f\xb7\x39\x01\x03\x7b\xc1\x20\x56\xd6\x16\xf4\x06\x57\xe1\x3a\xf6\x9d\x94\x1c\x9b\xeb\xbf\x32\x28\x16\x9b\xea\x1a", 40); *(uint8_t*)0x200011e6 = 0x67; *(uint8_t*)0x200011e7 = 5; *(uint8_t*)0x200011e8 = 0; *(uint8_t*)0x200011e9 = 0; *(uint8_t*)0x200011ea = 0; *(uint8_t*)0x200011eb = 0; *(uint8_t*)0x200011ec = 0; *(uint8_t*)0x200011ed = 0; *(uint8_t*)0x200011ee = 4; *(uint8_t*)0x200011ef = 1; *(uint8_t*)0x200011f0 = 0x1f; *(uint8_t*)0x200011f1 = 1; *(uint8_t*)0x200011f2 = 7; *(uint8_t*)0x200011f3 = 0; *(uint8_t*)0x200011f4 = 0; *(uint8_t*)0x200011f5 = 0; *(uint8_t*)0x200011f6 = 0; *(uint8_t*)0x200011f7 = 0; *(uint8_t*)0x200011f8 = 0; *(uint8_t*)0x200011f9 = 0; *(uint8_t*)0x200011fa = 5; *(uint8_t*)0x200011fb = 2; *(uint16_t*)0x200011fc = htobe16(4); *(uint8_t*)0x200011fe = 4; *(uint8_t*)0x200011ff = 1; *(uint8_t*)0x20001200 = 0x43; *(uint8_t*)0x20001201 = 4; *(uint8_t*)0x20001202 = 1; *(uint8_t*)0x20001203 = 0x7f; *(uint8_t*)0x20001204 = 0; *(uint8_t*)0x20001205 = 1; *(uint8_t*)0x20001206 = 0; *(uint8_t*)0x20001207 = 0; *(uint8_t*)0x20001208 = 1; *(uint8_t*)0x20001209 = 0; *(uint8_t*)0x2000120a = 1; *(uint8_t*)0x2000120b = 1; *(uint8_t*)0x2000120c = 0; *(uint8_t*)0x2000120d = 0xc2; *(uint8_t*)0x2000120e = 4; *(uint32_t*)0x2000120f = htobe32(6); *(uint8_t*)0x20001213 = 0xc2; *(uint8_t*)0x20001214 = 4; *(uint32_t*)0x20001215 = htobe32(2); *(uint8_t*)0x2000121e = 0x31; *(uint8_t*)0x2000121f = 0; *(uint8_t*)0x20001220 = 0; *(uint8_t*)0x20001221 = 0; *(uint8_t*)0x20001222 = 0; *(uint8_t*)0x20001223 = 0; *(uint8_t*)0x20001224 = 0; *(uint8_t*)0x20001225 = 0; *(uint8_t*)0x20001226 = 4; *(uint8_t*)0x20001227 = 1; *(uint8_t*)0x20001228 = 0x7e; *(uint16_t*)0x2000122e = htobe16(0x4e22); *(uint16_t*)0x20001230 = htobe16(0x4e23); *(uint16_t*)0x20001232 = htobe16(8); *(uint16_t*)0x20001234 = htobe16(0); memcpy((void*)0x20001236, "\xb7\x8e\x7d\x4c\x60\x6c\x0e\x10\xc0\xab\x4f\xa0\x12\x91\x4a\x36\x0e\x69\x09\x56\x29\x34\x6a\x08\x9a\xdb\x19\x8e\xdc\x49\x1e\x0a\x3d\x7e\x86\x84\xcc\x2e\x59\x95\xa2\xdd\x94\x19\x1c\xf1\x90\x51\x2f\x38\x4c\xc3\x34\x4f\xd9\xd4\x8a\x51\x52\x59\x39\xaa\x81\x66\x83\xbe\xf7\xa1\x88\xaa\x17\x62\xa8\x2f\x76\x41\x18\xc9\x36\xa3\x31\x1e\xdc\xee\xdf\xca\xcc\x34\x14\x80\x73\xf1\xdb\x60\x8e\x86\xd5\xdc\x35\x63\x73\x85\x6e\x4b\x58\x26\x71\x21\x66\x42\x0f\x98\x65\xe1\x93\x6a\xbe\xb2\xcf\x33\xfb\xd6\x13\x3e\xcf\xde\xdb\x33\xa9\x79\x35\xe3\xe4\x38\xb8\xfa\x0d\x99\x2b\xac\x3d\xac\xf0\x47\x29\x05\xfb\x84\xa2\xfb\x06\xf8\x5d\x9d\xe0\x78\x13\x4c\x89\xf5\x1d\x51\x79\x89\x8e\x16\xb4\xac\x96\x9d\x67\x9d\xb8\xc6\xa6\x80\xd9\x5f\x9a\xec\x7b\x10\x8e\x89\xd9\x26\x41\x4a\x11\x4e\xc6\x37\x50\x88\xd0\x2e\x86\xe6\xe5\x78\xb5\xd3\x73\x86\xfb\x0d\xe5\xb2\x46\xdb\x95\xff\x3d\xcc\xb4\x35\x62\x43\x14\x0f\x15\x00\x21\x29\x7f\x62\x69\xb3\x0b\x9f\x9b\xba\x3e\xe5\x7d\xa3\xbe\x4f\xe3\x61\xf1\xfa\xb2\xfc\x03\x80\x49\x5c", 248); struct csum_inet csum_1; csum_inet_init(&csum_1); csum_inet_update(&csum_1, (const uint8_t*)0x20000016, 16); csum_inet_update(&csum_1, (const uint8_t*)0x20000026, 16); uint32_t csum_1_chunk_2 = 0x8000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_2, 4); uint32_t csum_1_chunk_3 = 0x11000000; csum_inet_update(&csum_1, (const uint8_t*)&csum_1_chunk_3, 4); csum_inet_update(&csum_1, (const uint8_t*)0x2000122e, 8); *(uint16_t*)0x20001234 = csum_inet_digest(&csum_1); break; case 11: memcpy((void*)0x20001340, "\xf3\x08\x3f\xc4\x81\xf9\x2f\x66\x9b\x66\x0f\x38\xf6\xc7\xc4\xe2\x15\x2c\x8f\x00\x00\x00\x00\x66\x0f\x57\x23\x26\x65\x3e\x44\x0f\x93\xa4\x72\x00\x00\x00\x00\x47\xd8\x78\xcc\xc4\x81\xe9\xf6\x78\x40\xc4\x81\x62\x5a\xe4\xc4\xc1\x61\xec\x9d\x00\x00\x00\x00", 63); syz_execute_func(0x20001340); break; case 12: break; case 13: syz_open_pts(); break; } } int main(void) { syscall(SYS_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x1012ul, -1, 0ul, 0ul); use_temporary_dir(); do_sandbox_none(); return 0; } :330:4: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] kill_and_wait(pid, &status); ^ :328:3: note: previous statement is here if (current_time_ms() - start < 5000) ^ 1 error generated. compiler invocation: c++ [-o /tmp/syz-executor123253854 -DGOOS_openbsd=1 -DGOARCH_amd64=1 -DHOSTGOOS_openbsd=1 -x c - -m64 -static -lutil -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384] --- FAIL: TestGenerate/openbsd/amd64/7 (9.01s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/9 (10.04s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/2 (8.59s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/4 (9.93s) csource_test.go:122: --- FAIL: TestGenerate/openbsd/amd64/6 (9.55s) csource_test.go:122: FAIL FAIL github.com/google/syzkaller/pkg/csource 126.866s ok github.com/google/syzkaller/pkg/db (cached) ? github.com/google/syzkaller/pkg/debugtracer [no test files] ok github.com/google/syzkaller/pkg/email (cached) ? github.com/google/syzkaller/pkg/gce [no test files] ? github.com/google/syzkaller/pkg/gcs [no test files] ? github.com/google/syzkaller/pkg/hash [no test files] ok github.com/google/syzkaller/pkg/host 25.190s ? github.com/google/syzkaller/pkg/html [no test files] ok github.com/google/syzkaller/pkg/ifuzz (cached) ? github.com/google/syzkaller/pkg/ifuzz/iset [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc [no test files] ? github.com/google/syzkaller/pkg/ifuzz/powerpc/generated [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86 [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/gen [no test files] ? github.com/google/syzkaller/pkg/ifuzz/x86/generated [no test files] ok github.com/google/syzkaller/pkg/instance 7.436s ok github.com/google/syzkaller/pkg/ipc 45.288s ? github.com/google/syzkaller/pkg/ipc/ipcconfig [no test files] ? github.com/google/syzkaller/pkg/kcidb [no test files] ok github.com/google/syzkaller/pkg/kconfig 0.337s ok github.com/google/syzkaller/pkg/kd (cached) ok github.com/google/syzkaller/pkg/log (cached) ok github.com/google/syzkaller/pkg/mgrconfig 1.992s ok github.com/google/syzkaller/pkg/osutil (cached) ok github.com/google/syzkaller/pkg/report 11.405s ok github.com/google/syzkaller/pkg/repro 2.403s ? github.com/google/syzkaller/pkg/rpctype [no test files] ok github.com/google/syzkaller/pkg/runtest 71.939s ok github.com/google/syzkaller/pkg/serializer (cached) ? github.com/google/syzkaller/pkg/signal [no test files] ok github.com/google/syzkaller/pkg/symbolizer 2.167s ok github.com/google/syzkaller/pkg/tool (cached) ok github.com/google/syzkaller/pkg/vcs 73.312s ok github.com/google/syzkaller/prog 16.156s ok github.com/google/syzkaller/prog/test 11.875s ? github.com/google/syzkaller/sys [no test files] ? github.com/google/syzkaller/sys/akaros [no test files] ? github.com/google/syzkaller/sys/akaros/gen [no test files] ? github.com/google/syzkaller/sys/freebsd [no test files] ? github.com/google/syzkaller/sys/freebsd/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia [no test files] ? github.com/google/syzkaller/sys/fuchsia/fidlgen [no test files] ? github.com/google/syzkaller/sys/fuchsia/gen [no test files] ? github.com/google/syzkaller/sys/fuchsia/layout [no test files] ok github.com/google/syzkaller/sys/linux 1.755s ? github.com/google/syzkaller/sys/linux/gen [no test files] ? github.com/google/syzkaller/sys/netbsd [no test files] ? github.com/google/syzkaller/sys/netbsd/gen [no test files] ok github.com/google/syzkaller/sys/openbsd 0.582s ? github.com/google/syzkaller/sys/openbsd/gen [no test files] ? github.com/google/syzkaller/sys/syz-extract [no test files] ? github.com/google/syzkaller/sys/syz-sysgen [no test files] ? github.com/google/syzkaller/sys/targets [no test files] ? github.com/google/syzkaller/sys/test [no test files] ? github.com/google/syzkaller/sys/test/gen [no test files] ? github.com/google/syzkaller/sys/trusty [no test files] ? github.com/google/syzkaller/sys/trusty/gen [no test files] ? github.com/google/syzkaller/sys/windows [no test files] ? github.com/google/syzkaller/sys/windows/gen [no test files] ok github.com/google/syzkaller/syz-ci 2.933s ok github.com/google/syzkaller/syz-fuzzer 7.541s ok github.com/google/syzkaller/syz-hub 1.437s ok github.com/google/syzkaller/syz-hub/state 1.682s ok github.com/google/syzkaller/syz-manager 25.820s ? github.com/google/syzkaller/tools/syz-benchcmp [no test files] ? github.com/google/syzkaller/tools/syz-bisect [no test files] ? github.com/google/syzkaller/tools/syz-check [no test files] ? github.com/google/syzkaller/tools/syz-cover [no test files] ? github.com/google/syzkaller/tools/syz-crush [no test files] ? github.com/google/syzkaller/tools/syz-db [no test files] ? github.com/google/syzkaller/tools/syz-execprog [no test files] ? github.com/google/syzkaller/tools/syz-expand [no test files] ? github.com/google/syzkaller/tools/syz-fmt [no test files] ? github.com/google/syzkaller/tools/syz-hubtool [no test files] ? github.com/google/syzkaller/tools/syz-kcidb [no test files] ? github.com/google/syzkaller/tools/syz-kconf [no test files] ok github.com/google/syzkaller/tools/syz-linter (cached) ? github.com/google/syzkaller/tools/syz-make [no test files] ? github.com/google/syzkaller/tools/syz-minconfig [no test files] ? github.com/google/syzkaller/tools/syz-mutate [no test files] ? github.com/google/syzkaller/tools/syz-prog2c [no test files] ? github.com/google/syzkaller/tools/syz-reporter [no test files] ? github.com/google/syzkaller/tools/syz-repro [no test files] ? github.com/google/syzkaller/tools/syz-reprolist [no test files] ? github.com/google/syzkaller/tools/syz-runtest [no test files] ? github.com/google/syzkaller/tools/syz-showprio [no test files] ? github.com/google/syzkaller/tools/syz-stress [no test files] ? github.com/google/syzkaller/tools/syz-symbolize [no test files] ? github.com/google/syzkaller/tools/syz-testbuild [no test files] ? github.com/google/syzkaller/tools/syz-trace2syz [no test files] ok github.com/google/syzkaller/tools/syz-trace2syz/parser 0.202s ok github.com/google/syzkaller/tools/syz-trace2syz/proggen 3.040s ? github.com/google/syzkaller/tools/syz-tty [no test files] ? github.com/google/syzkaller/tools/syz-upgrade [no test files] ? github.com/google/syzkaller/tools/syz-usbgen [no test files] ok github.com/google/syzkaller/vm 16.713s ? github.com/google/syzkaller/vm/adb [no test files] ? github.com/google/syzkaller/vm/bhyve [no test files] ? github.com/google/syzkaller/vm/gce [no test files] ? github.com/google/syzkaller/vm/gvisor [no test files] ok github.com/google/syzkaller/vm/isolated 1.353s ? github.com/google/syzkaller/vm/kvm [no test files] ? github.com/google/syzkaller/vm/odroid [no test files] ? github.com/google/syzkaller/vm/qemu [no test files] ok github.com/google/syzkaller/vm/vmimpl 2.033s ? github.com/google/syzkaller/vm/vmm [no test files] ? github.com/google/syzkaller/vm/vmware [no test files] FAIL